
DNAT Rule - Alternate incoming SQL Port to standard 1433 port

RE: UTM 9.314

I created a DNAT rule to forward an alternate TCP port (14xx) to an internal SQL Server (at Default TCP Port 1433).

I use SQL Management studio to connect and it works for a while. A day or so later I try again, and it will not work.

The only way I can get it to work again is to restart the UTM 9 router.

I am not sure what I'm missing here but it's driving me crazy.

Not sure if I need another type of NAT to make this work all the time.

Any help would be appreciated.



  • FormerMember

    Hi

    Is DNAT rule configured with an additional WAN IP or with a WAN interface IP?

    It would be great if you can share a snapshot of a DNAT rule here or in PM.

    Could you please capture the output of the command below in the shell when the issue occurs again?

    Log in to the shell and run the command below: support.sophos.com/.../KB-000038680

    utm:/root # tcpdump -nei any port <alternate TCP port> or port <default sql port>

    eg: utm:/root # tcpdump -nei any port 1444 or port 1433

  • Thanks for your answer. The DNAT rule is configured on the same WAN IP (Interface IP) as the UTM 9 (See Below).

    Like I said, it works sometimes and sometimes it doesn't. I'm coming in from port 1455 to port 1433 on the local server.

    Right now it is working again, so I cannot test. When I view the firewall LIVE LOG, the rule always shows that it is working.

    But for some reason sometimes it shows it is going through but the connection to the SQL Server does not work.

  • Hi and welcome to the UTM Community!

    What's the output of the following?  (assuming your server is 172.20.1.33)

    zgrep '172\.20\.1\.33' /var/log/packetfilter/2021/03/* |grep drop |tail -2

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I ran the command (see below). Nothing happened. How do I view the results?

  • Which server IP are you referring to? The UTM 9 public IP or the public IP I'm connecting from?

  • FormerMember in reply to riad63

    You need to execute the command without the '#':

    utm:/root # tcpdump -nei any port 1444 or port 1433

    You may also share output of the command suggested by BAlfson.

    utm:/root # zgrep '172\.20\.1\.33' /var/log/packetfilter/2021/03/* |grep drop |tail -10

    where 172.20.1.33 is a local IP of server

    You can post the output here or can also share it via PM.

    Attaching a snapshot for reference.
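    The zgrep one-liners from BAlfson's and FormerMember's replies above only show the last few drop lines. The following is an added example, not code from the thread or from Sophos: it runs the same "drops involving the server IP" filter over constructed packetfilter-style log lines and summarises where the drops come from and which destination port they hit, which is what you want to compare against the moment the SQL connection stops working. The log line format and field names (action, srcip, dstip, dstport) are an assumption modelled on UTM's ulogd output; the IP addresses are constructed sample values.

    ```sh
    #!/bin/sh
    # Added example, not from the thread. Summarise "drop" events for the internal
    # SQL Server over UTM-style packetfilter log lines. The lines below are
    # CONSTRUCTED and the field names are an assumption about the ulogd format.
    SERVER_IP="172.20.1.33"   # internal SQL Server address used in the thread

    # Stand-in for /var/log/packetfilter/2021/03/* (constructed sample data)
    SAMPLE_LOG="$(mktemp)"
    cat > "$SAMPLE_LOG" <<'EOF'
    2021:03:10-09:14:01 utm ulogd[4242]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="203.0.113.7" dstip="172.20.1.33" proto="6" srcport="51234" dstport="1433"
    2021:03:10-09:14:05 utm ulogd[4242]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" srcip="203.0.113.7" dstip="172.20.1.33" proto="6" srcport="51235" dstport="1433"
    2021:03:10-09:20:44 utm ulogd[4242]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="198.51.100.9" dstip="172.20.1.33" proto="6" srcport="40001" dstport="1433"
    2021:03:10-09:21:00 utm ulogd[4242]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="203.0.113.7" dstip="10.0.0.5" proto="6" srcport="51236" dstport="445"
    EOF

    # count_drops FILE IP: number of dropped packets to or from IP
    # (same filter as the zgrep in the thread; -F keeps the dots literal)
    count_drops() {
        grep -F "$2" "$1" | grep -c 'action="drop"'
    }

    # last_drop_src FILE IP: source address of the most recent drop involving IP
    last_drop_src() {
        grep -F "$2" "$1" | grep 'action="drop"' | tail -1 \
          | sed -n 's/.*srcip="\([^"]*\)".*/\1/p'
    }

    # drops_by_dstport FILE IP: one "dstport count" line per destination port dropped
    drops_by_dstport() {
        grep -F "$2" "$1" | grep 'action="drop"' \
          | sed -n 's/.*dstport="\([^"]*\)".*/\1/p' | sort | uniq -c \
          | awk '{print $2, $1}'
    }

    echo "drops involving $SERVER_IP: $(count_drops "$SAMPLE_LOG" "$SERVER_IP")"
    echo "most recent drop came from: $(last_drop_src "$SAMPLE_LOG" "$SERVER_IP")"
    drops_by_dstport "$SAMPLE_LOG" "$SERVER_IP"
    ```

    On a real UTM, replace the constructed file with `zgrep` over /var/log/packetfilter/YYYY/MM/* as in the replies above; a rising drop count for the DNAT target at the time the SSMS connection fails is the evidence the moderators are asking for.
    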