I migrated from V17x to V18 some months ago, and with the very few functions used at home everything was working fine afterwards.
I was trying to set up a DNAT rule with port translation today, without success. I used the wizard for DNAT internet to local server for ssh and it created one fw rule and NAT. The wizard doesn't ask for a dst. service, just the source service.
So far it was working. SSH from WAN to internal worked by using port 22.
But to keep it a little more safe I want to use port 8022 from WAN. Therefore I changed the two rules as follows:
FW-Rule
S-Zone: any
S-Net: any anytime
D-Zone LAN
D-Net: #port2 is the WAN port
service: change from ssh to a new generated TCP_8022
The rest was kept as built from the wizard
o-source: any
o-dest: #port2
o-service: changed from ssh to TCP_8022
T-source(SNAT) original
T-dest(DNAT) xxxnas internal host
t-service(PAT) changed from original to ssh
inbound-if #port2
outbound-if any
When I try to save this I get a message "Original and translated services don't match" and I am not able to store that.
Any idea why? What am I doing wrong?
Cheers
Torsten
Make sure the selected protocols are the same in the original and translated service (TCP/UDP) and check the source ports mentioned.
First, don't use the DNAT wizard of v18, it's garbage by design.
"Original and translated services don't match"
You have a mismatch between the source and destination services. Be sure you're only changing the destination port on both services. Here's a rule example for what you're trying to do now:
External facing port (service)
Local port (service)
This will translate the external facing port 8022 on #Port2 (WAN) to the internal 22 on the machine "Saturn".
And here's the firewall rule.
And here's the result :)
Thanks first for your very fast response.
But your setup is nearly identical to the one the wizard generates.
Why do I need to set up a custom service for port 22 when ssh is already present? Ok, one difference is that if I choose ssh instead of my own service I can't save the configuration?
I followed your description 1 to 1 but it is not working? Please have a look at the screenshots.
Same problem!!! Original and translated services don't match. Can't save nat rule!
Are you trying to change the SSH service definition and you can't? SSH is a reserved definition, you will need to create a new service definition.
After a couple of tries it worked for me. Here is a short review of my setup and the solution. I tried to use tcp 8022 from the internet to ssh to an internal server on port tcp 22. I was not able to save the config when I used the standard service ssh, same as you.
I created a new service named tcp_22 with protocol tcp and dst port 22. After that I was able to save the rule. But as written above, the rule was not working from the beginning, and I didn't know why.
I found my new rule at the bottom, so I shifted it to the top; still not working. Then I decided to use the ultimate weapon: restart the XG.
Afterwards everything is working? I added a couple of new DNAT rules since my first problem; all of them are working fine.
Here is my setting screenshot.
Thanks, yes, this solution works for me! New service SHH_TCP port 22, external service 2222 TCP