
PAT not working as supposed on XG V18

Hi all,

I migrated from V17x to V18 some months ago, and with the very few functions I use at home everything was working fine afterwards.

I was trying to set up a DNAT rule with port translation today, without success. I used the wizard for DNAT internet to local server for ssh and it created one FW rule and NAT. The wizard doesn't ask for a dst. service, just the source service.

So far it was working. SSH from WAN to internal worked by using port 22.

But to keep it a little more safe I want to use port 8022 from WAN. Therefore I changed the two rules as follows:

FW-Rule
S-Zone: any
S-Net:    any anytime
D-Zone   LAN
D-Net:   #port2     is the WAN port
service:  change from ssh to a new generated TCP_8022
The rest was kept as built from the wizard

NAT_Rule:

o-source:   any
o-dest:  #port2 
o-service:   changed from ssh to TCP_8022
T-source(SNAT)  original
T-dest(DNAT) xxxnas   internal host
t-service(PAT) changed from original to ssh
inbound-if  #port2 
outbound-if  any

When I try to save this I get a message "Original and translated services don't match" and I am not able to store that.
Any idea why? What am I doing wrong?

Cheers
Torsten



This thread was automatically locked due to age.
  • Hi,

     

    First, don't use the DNAT wizard of v18, it's garbage by design.

    "Original and translated services don't match"

    You have a mismatch between the source and destination services. Be sure you're only changing the destination port on both services; here's a rule example for what you're trying to do now:

    External facing port (service)

    Local port (service)

    This will translate the external facing port 8022 on #Port2 (WAN) to the internal 22 on the machine "Saturn".

    And here's the firewall rule.

    And here's the result :)

     

    Thanks!

     


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Hi Prism,

    First, thanks for your very fast response.

    But your setup is nearly identical to the one the wizard generates. 

    Why do I need to set up a custom service for port 22 when ssh is already present?
    OK, one difference is that if I choose ssh instead of my own service I can't save the configuration?

    I followed your description 1 to 1 but it is not working?
    Please have a look at the screenshots.

  • Same problem!!! Original and translated services don't match. Can't save nat rule!

  • Hi,

    Are you trying to change the SSH service definition and you can't? SSH is a reserved definition, you will need to create a new service definition.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Heiber,

    After a couple of tries it worked for me. Here is a short review of my setup and the solution.
    I tried to use tcp 8022 from the internet to ssh to an internal server on port tcp 22. I was not able to save the config when I used the standard service ssh, same as you.

    I created a new service named tcp_22 with protocol tcp and dst port 22. After that I was able to save the rule. 
    But as written above, the rule was not working from the beginning, and I didn't know why.

    I found my new rule at the bottom, so I shifted it to the top; still not working. Then I decided to use the ultimate weapon: restart the XG.

    Afterwards everything is working? I have added a couple of new DNAT rules since my first problem; all of them are working fine.

    Here is my settings screenshot.
