Hi Sophos Community!
I am running Sophos XG Home, SFOS 18.0.1 MR-1-Build396. I am trying to forward port 80 to my NAS, but so far have not been able to.
I have used the Server Access Assistant wizard to create the rules. On my LAN I have no issues accessing my NAS with the loopback rule (using my DNS name) but I have not been able to access from the WAN. Previously I had this all setup and working with my router.
I have followed this video: https://vimeo.com/376241042, read numerous forums but it seems I am missing something perhaps not obvious.
Let me know if further info is needed.
Thank you for reaching out to the Community!
Could you please provide the screenshot of the DNAT rule and matching firewall rule that was created by default?
Community Support Engineer, Support & Services | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Note that the device has two ethernet ports. #1 is LAN and #2 is WAN.
Thanks for your help.
Thank you for providing the screenshots, DNAT and firewall rules seems correct.
Could you please confirm if you see traffic on HTTP on the firewall from the external source IP?
Check out the following KBA for more info: Sophos XG Firewall: How to monitor traffic using packet capture utility in the GUI
Thanks for your help H_Patel. I did a packet capture and there was no sign of any incoming packets. I reverted back to using my router and it also doesn't work. I've started a ticket with my ISP.
I decided to continue this thread since the issue I'm having is related.
When I try using a custom service that contains multiple services in a NAT rule, the inbound packets are rejected with status Violation, Local_ACL. If I list only one port in a custom service, then it works.
My question: Why can't I use a custom service with multiple ports in a NAT/firewall rule?
I think I figured it out. I had misinterpreted what source and destination meant when defining a service.