Hello
V18 rules are confusing for now. How do I create a simple port forwarding, to allow access to a port from outside?
Thanks
alda said: Hello Luk,
please check (below) the DNAT firewall rule and the appropriate DNAT rule. Especially focus on the Destination Zone and the Destination Network in the firewall rule. The Destination Zone is LAN zone and #PortB: 1 is the alias address on the WAN interface! It is a very interesting interconnection of the Destination Zone and the Destination Network!
This is not me, but it is the result of business rule migration from v17.5 to v18 EAP1. But it really works. I learned something new again thanks to Sophos ...
However, it is important that the DNAT rule must be before the masquerading rule (MASQ), otherwise it of course "matches" the User Portal.
Regards
alda
[:(]
Hello guys, this is driving me nuts again... I thought I got it working but didn't, it seems.
The above posted by Alda finally works but it is not making any sense to me.
"The Destination Zone is LAN zone and #PortB: 1 is the alias address on the WAN" If the destination is LAN, surely the destination network has to be inside the LAN; why does it work when I selected the WAN port? No wonder it was not working until I followed this solution.
Am I understanding this wrong, because it is not making any sense to me?
waghelak said: The above posted by Alda finally works but it is not making any sense to me.
"The Destination Zone is LAN zone and #PortB: 1 is the alias address on the WAN" If the destination is LAN, surely the destination network has to be inside the LAN; why does it work when I selected the WAN port? No wonder it was not working until I followed this solution.
Am I understanding this wrong, because it is not making any sense to me?
[:'(][:S][:|]
Hello waghelak,
I think the explanation is very simple, it's Sophos magic!
Sorry, I have a somewhat strange type of humor, but unfortunately there is nothing else I can think of in the current situation ...
Regards
alda
Nothing magic!
Check what PMParth replied.
I think those are very good reasons for what they want to achieve, and they probably went through a very thoughtful process, but it seems using the same firewall rule setup for both MASQ and DNAT is confusing and not making any sense.
It seems like they have just flipped roles for MASQ and DNAT. Many firewall rules for one MASQ and many DNAT rules for one firewall rule :)
Surely they need to change the wording for "Destination Networks", as the option selected is determined by what is selected in "Destination Zone".
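A simplified model of the rule matching discussed in this thread, added here as an illustration; it is not code from any poster or from Sophos. It assumes the firewall rule compares the packet's original (pre-DNAT) destination address but the zone of the translated destination, and that NAT rules are read top-down with the first match winning; all names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation ranges), not taken from the thread.
WAN_ALIAS = "203.0.113.10"   # stands in for the "#PortB: 1" alias address on the WAN
SERVER = "192.168.10.20"     # internal server in the LAN zone
CLIENT = "198.51.100.7"      # outside client
LAN_NET = ipaddress.ip_network("192.168.10.0/24")

def zone_of(ip: str) -> str:
    """Zone an address belongs to in this toy topology."""
    return "LAN" if ipaddress.ip_address(ip) in LAN_NET else "WAN"

@dataclass
class NatRule:
    name: str
    orig_dst: Optional[str]        # None matches any destination
    translated_dst: Optional[str]  # None leaves the destination unchanged

@dataclass
class FwRule:
    name: str
    src_zone: str
    dst_zone: str      # compared with the zone of the TRANSLATED destination
    dst_network: str   # compared with the ORIGINAL destination address

def evaluate(src, dst, nat_rules, fw_rules):
    """Return (matching firewall rule name or None, final destination)."""
    # Assumption: the NAT table is read top-down and the first match wins.
    nat = next((r for r in nat_rules if r.orig_dst in (None, dst)), None)
    final_dst = nat.translated_dst if nat and nat.translated_dst else dst
    for fw in fw_rules:
        if (fw.src_zone == zone_of(src)
                and fw.dst_zone == zone_of(final_dst)
                and fw.dst_network == dst):
            return fw.name, final_dst
    return None, final_dst

DNAT = NatRule("DNAT", WAN_ALIAS, SERVER)
MASQ = NatRule("MASQ", None, None)   # source NAT only, destination untouched
MIGRATED = FwRule("migrated", "WAN", "LAN", WAN_ALIAS)   # shape of the rule in the thread
INTUITIVE = FwRule("intuitive", "WAN", "LAN", SERVER)    # LAN zone with a LAN address

if __name__ == "__main__":
    print(evaluate(CLIENT, WAN_ALIAS, [DNAT, MASQ], [MIGRATED]))   # forwarded to SERVER
    print(evaluate(CLIENT, WAN_ALIAS, [MASQ, DNAT], [MIGRATED]))   # stays on the firewall
    print(evaluate(CLIENT, WAN_ALIAS, [DNAT, MASQ], [INTUITIVE]))  # no firewall rule matches
```

In this model, putting MASQ above DNAT leaves the destination as the firewall's own WAN address, which is consistent with the request landing on the User Portal as described in alda's post.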
Well, can't answer in my thread.
How is it innovative to change a concept that's ingrained in everyone's head?
Firewall rule: source, destination, action. Simple as that.
If I have a LAN (source 8.8.8.8) to WAN (destination any) rule, it'll never match anything because, you know, that's an internet (WAN) IP.
But how:
WAN (source any) to LAN (destination WAN IP address) rule, is supposed to have coherence? How is that valid?
"But you are going to LAN and pointing to a WAN IP address, that is never going to match!" the customer said.
"Yes, it will," said the Sophos partner.
"Why? How? It doesn't make sense!" the astonished customer said.
"Magic!" as the last resort, the partner said.