
Port Forwarding, why do some rules work and others not??

Hi,


I currently have a Watchguard XTM 22 series with no security bundles, just running in standard Firewall mode. Rules on that are dead easy to set up and tend to just work.

Now the reason for me trying out other software is because I could do with some hardware that can handle higher throughput across subnets and of course, the ability to do forms of scanning and web filtering.

I was trying out pfSense, which worked okay but I still couldn't get Bacula to work through it (same issue I am having with Sophos XG). And Sophos caught my eye with all of its filtering features.

I have found that all of my rules that go to things such as Plex and my Synology work fine, but when I set them up exactly the same to forward ports for Bacula - my backups just won't run.


Here is an image of my current rules, the IP in Source refers to my #Port 1 as I have a Dynamic IP. I have marked which ones work and which ones don't (even though some traffic hits BACULA-SD slightly). I have also tried these with Any Zone but that did not work.

Is anyone backing up remote servers with Bacula?

Any help is greatly appreciated.



  • Matt,
    you should enable rewrite source address in order to NAT external IP to internal. Are you sure that HTTPS is working correctly?

    Luk
  • Yeah the HTTPS is working absolutely fine to the Synology, so is the Plex rule - Unable to access them via their external IP from the LAN but can when I am on an external network. I haven't used the 'Rewrite source address (masquerading)' at all.

    I will change the hard drive in the server again in a couple hours and give that option a go. Going to let the rest of the family have non internet disturbance for a bit :P

    Cheers
  • I enabled the option:

    I also applied this to the HTTPS and Plex rules and they were both fine.


    I ran a backup from Bacula again but it just gets stuck at the same place (all storage in configs points to local 192.168.8.12):


    Traffic hits the rule like it was before but the backups just will not run, it's like it is sending traffic out but not allowing any in:


    I have a Dynamic IP address too btw.

  • What do the logs say?

    Security logs I mean.

    Luk
  • I don't have rewrite source address enabled on my port forwarding rules and they work just fine? What does it actually do?
  • Physik,

    Rewrite source address is happening automatically. The rewrite source address option is causing a little bit of confusion.
    With or without works! For Bacula, if you try a telnet from external, do you reach the external IP? I mean
    telnet publicip 9101?

    Does Bacula use XG as default gateway?

    Luk
  • Did you try setting MASQ instead of NAT?  Without reading deeply into your problem, most of the guides I've seen in my limited 1 week with this firewall, seem to say to use masquerade.  From what I've read NAT is actually better performance, but this firewall seems very buggy, so sometimes it's best to just try what works for others I'd say.


    So far, I wish I was back on IPCop, but that doesn't have the same level of protection.  Hopefully patches are coming.