Solved

Firebox x750e changing port forwarding

Posted on 2009-07-14
Last Modified: 2013-11-16
I am changing a port forwarding rule and creating a second, new port forwarding rule on a Firebox X750e at one of our offices.  I am not familiar with WatchGuards.  I simply want to make a rule to forward 5900 to internal address 192.168.1.247.

We have a single external public IP address connected to the WAN port of the Firebox.  There are several standard port forwarding rules pointing to 2 servers already.  I attempted to model my new rule off of these and change the existing RDP rule.

I have made the change a dozen times and cannot figure out why it does not work.  For a test I took an existing rule forwarding RDP 3389 to 192.168.1.225 that is working and changed the NAT setting to 192.168.1.247.  Same rule, same settings and it doesn't work!  Change it back and it works with the original .225 server.  Internally that system is up and accessible on both protocols.

I am guessing that there is another place that a NAT setting or the .247 host must be defined, but I can't find it or find it mentioned in any directions.  
0
Question by:mathews2001
 
LVL 12

Expert Comment

by:jmlamb
ID: 24855759
Hello,

1-to-1 NAT is configured in Policy Manager under Network, NAT, 1-to-1 NAT tab. You should find your existing public to 192.168.1.225 configuration there.

Hope that gets you going in the right direction.
0
 

Author Comment

by:mathews2001
ID: 24858815
The 1 to 1 NAT tab is blank.  I understood that the NAT settings under the policy itself take priority over this tab.  I think when you make a policy and use the NAT button it creates a 1 to 1 for you.

I can add a setting there, but it didn't help before.
0
 

Author Comment

by:mathews2001
ID: 24858847
I tried to add a 1 to 1 NAT and got the following message:

You cannot use an interface IP address (primary or Secondary) of the firebox in your 1 to 1 NAT configuration.

The NAT base was x.x.x.x, my external IP, and the real base was my internal 192.168.1.247.
0
 

Author Comment

by:mathews2001
ID: 24860199
Reversed the NAT base and real base above and it took the setting.  Doesn't look right to me though.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24863691
As you have only one public IP you cannot use 1-1 NAT.

Please ensure that the new machine is actually listening on the ports you are configuring in the service [you can use netstat -a command to verify the port/protocol].

Also, make sure on the new machine the internal IP of the WG is the default gateway and there are no multiple gateways; finally, make sure there is no internal firewall on the new machine which is blocking the traffic.

If you enable logging for the service and post a few sanitized logs from when the traffic goes through, it would be helpful.

Please update.

Thank you.
0
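The first two host-side checks from the accepted answer, as an added example that is not part of the original thread: it parses constructed sample text laid out like Windows `netstat -an` and `route print -4` output and reports why an inbound forward can be logged by the firewall yet never complete (the target's replies leave through a different gateway). The firewall address 192.168.1.254 and all function names are assumptions made for illustration.

```python
# Constructed sample output, shaped like Windows `netstat -an` and `route print -4`.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.247:49712    192.168.1.225:445      ESTABLISHED
"""
ROUTE_SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.247     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.247    281
"""


def listening_tcp_ports(netstat_text):
    """Return the set of TCP ports that are in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # rsplit handles both 0.0.0.0:3389 and [::]:3389 local addresses.
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports


def default_gateways(route_text):
    """Return the gateway of every 0.0.0.0/0.0.0.0 route, in table order."""
    gateways = []
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "0.0.0.0" and fields[1] == "0.0.0.0":
            gateways.append(fields[2])
    return gateways


def check_forward_target(netstat_text, route_text, port, firewall_ip):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if port not in listening_tcp_ports(netstat_text):
        findings.append(f"no TCP listener on port {port}")
    gateways = default_gateways(route_text)
    if not gateways:
        findings.append("no default gateway: replies to off-subnet clients have no route")
    elif len(gateways) > 1:
        findings.append(f"multiple default gateways: {', '.join(gateways)}")
    for gw in gateways:
        if gw != firewall_ip:  # assumed firewall LAN address, passed in by the caller
            findings.append(f"default gateway {gw} is not the firewall {firewall_ip}")
    return findings


if __name__ == "__main__":
    for finding in check_forward_target(NETSTAT_SAMPLE, ROUTE_SAMPLE, 5900, "192.168.1.254"):
        print("FAIL:", finding)
```

A host-based firewall on the target is not visible in either output and still has to be checked separately.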
 

Author Comment

by:mathews2001
ID: 24863733
The listening PC had the wrong default gateway.  We typically use .1 and this office has .254.  I always tell the guys to check the simple stuff first.  I guess I didn't take my own advice.  What was killing me was the logs showed it forwarding, but not working.
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 24863893
You were trying to create it correctly the first time, but were using an IP already assigned to an interface, which won't work. Go ahead and delete that 1-to-1 if you haven't already.

In the inbound RDP policy you're trying to modify, under the Policy tab, what does it say in the To box? You should see public IP --> private IP. The private IP should be 192.168.1.247. Under the Advanced tab, make sure Dynamic NAT is checked. You don't have to set up a 1-to-1 with a single public IP.
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 24863904
Oops, didn't see this as solved before typing my comment. Disregard.
0
