How to port forward? New to this.

I am helping out an office set up a port forward on a UTM 9 firewall.

Here is the message we received from the software company:

.....you need to configure the firewall so that port 22, 80, and 443 is pointing to Pace (192.168.0.47) port 22, 80, 443....

I'm creating a new NAT rule but get confused on what exactly I need to change and configure.

  • I'm assuming that 192.168.0.47 is on your internal network and all clients on that network can reach the internet, i.e. so that 192.168.0.47 can reach the internet also.

    You need to create 3x DNAT rules: one for http (80), one for https (443), and one for ssh (22).
    You can select automatic firewall rules here for simplicity; otherwise you will need to create the appropriate rules after creating the DNATs.

    Basically it is DNAT under Network Protection > NAT.

    Rule Type = DNAT

    Traffic coming from: ANY
    Using Service = http <<< you create a rule for each service, e.g. http, https, ssh
    Going to = WAN Interface (your outside internet facing interface)

    Change the destination to: 192.168.0.47
    And the service to: leave blank


    Tick Auto firewall rules, and logging if desired to see the traffic appear in the firewall logs.

    That's basically it.

    My preferred way would be to use the WAF (web application firewall) further down the menu on the UTM, which will offer you better protection with http/https (no DNAT required here as it proxies incoming requests).

    You will still need a DNAT for ssh. Make sure your ssh password is strong and that you have further protection on that server, e.g. fail2ban etc., as ssh brute force attempts are commonplace. My servers get hit thousands of times a day.
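
The reply's point about SSH brute-force attempts against a forwarded port 22, as an added example that is not part of the original thread: a Python check that flags source addresses exceeding a failure threshold inside a time window, similar in spirit to fail2ban's `maxretry`/`findtime` settings. The log lines, the hostname `pace`, the year and the thresholds are constructed assumptions, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" lines in classic syslog format (no year in the stamp).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def brute_force_sources(lines, max_retry=5, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than find_time
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample: one noisy source, one user who mistyped a password once.
SAMPLE_LOG = """\
Mar  3 10:00:01 pace sshd[2101]: Failed password for root from 203.0.113.50 port 40001 ssh2
Mar  3 10:00:03 pace sshd[2101]: Failed password for root from 203.0.113.50 port 40001 ssh2
Mar  3 10:00:09 pace sshd[2104]: Failed password for invalid user admin from 203.0.113.50 port 40007 ssh2
Mar  3 10:00:40 pace sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:00:55 pace sshd[2110]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:01:12 pace sshd[2115]: Failed password for invalid user test from 203.0.113.50 port 40019 ssh2
Mar  3 10:01:30 pace sshd[2119]: Failed password for invalid user oracle from 203.0.113.50 port 40022 ssh2
""".splitlines()

# Constructed slow source: one failure per hour, which a 10-minute window never flags.
SLOW_SOURCE = [
    f"Mar  3 {h:02d}:30:00 pace sshd[3000]: Failed password for root from 192.0.2.10 port 2222 ssh2"
    for h in range(11, 17)
]

if __name__ == "__main__":
    for ip, when in brute_force_sources(SAMPLE_LOG + SLOW_SOURCE).items():
        print(f"{ip} crossed the threshold at {when}")
```

The slow source shows the limit of a short window: widening `find_time` catches it, at the cost of flagging users who mistype passwords over a long session.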
