shay911

Sonicwall 200 tz port forwarding?

Hello,

I want to open a port for my public ip, hence, i added a TCP 6 port 6 on services, then ran the setup wizard, gave a private ip and public ip, but it does not open the port.

I am connected to a wifi, my sonic wall is the default gateway, its ip is 192.168.3.1

my default gateway on my laptop connecting to wifi router is 192.168.16.1 and my ip is 192.168.16.100 <= this is the ip i am inputting in the private server.


Thank You for your help
IP Telephony, Software Firewalls, Routers

Shane McKeown

You have 2 private IP ranges here...

192.168.3.x
192.168.16.x

Why? Is this passing through a router then the sonicwall or how is this network configured?
Neither of those IP's are Public...so bit confused...

Also what is 'TCP 6 port 6'?
shay911

ASKER

Port = 1089
and i need to open TCP(6)  as defined in 'services' in sonicwall.

I have a wireless router 192.168.16.x which is connected to my firewall to which internet is connected. sonic walls ip is 192.168.3

Thanks
shay911

ASKER

Thank You for your help.

These are my network settings on my wireless router, yes 192.168.3.1 is sonicwall

IP Address: 192.168.3.55
Subnet Mask: 255.255.255.0      
Default Gateway: 192.168.3.1        (Optional)
MTU Size (in bytes):      1500  (The default is 1500, do not change unless necessary.)
Primary DNS:        221.132.112.x
Secondary DNS:        192.168.11.1

Under forwarding on my wireless router (tp link) i have virtual servers and the setting is as following

1089      1089      192.168.16.100      ALL      Enabled      Modify Delete
shay911

ASKER

Also 192.168.16.100 is my laptops private ip and 192.168.16.1 is the default gateway.
Shane McKeown

Ok cool...

Using the wizard on the Sonicwall your Private/Public ip's should be

Public - <wan ip address> (or WAN interface - think you can select this on those models)
Private - 192.168.3.55

Note there are 2 things on each device you need - Firewall ports opened and Port Forwarding setup

Looks like you have Port forwarding setup on the TPLink ok - is there a separate Firewall section on it? Just open port 1089 on that

Same on the Sonicwall...
shay911

ASKER

Ok, I changed the ip to 192.168.3.55

So, on sonic wall i used the wizard and did the port forwarding
On my wireless router i did the port opening too.

Do i need to make a new sonicwall policy?
I cannot find any other firewall settings on my wireless router?
Shane McKeown

What model is the router exactly?
shay911

ASKER

It's

300M Wireless N Gigabit Router
Model No. TL-WR1043N / TL-WR1043ND

Thanks!
Shane McKeown

Ok can't see anything specific on that model in terms of firewall so its possible the Virtual server settings will do the work...

On the Sonicwall have you it like so?

In the Network/NAT Policies area, created a policy with

Source
 - Original: Any
 - Translated: Original
Destination
 - Original: WAN Primary IP
 - Translated: 192.168.3.55
Service
 - Original: 1089
 - Translated: Original
Interface
 - Inbound: Any
 - Outbound: Any

In the Firewall/Access Rules, added an Allow rule

From Zone: WAN
To Zone: LAN
Service: 1089
Source: Any
Destination: Any

Can you confirm that's how you have it?
shay911

ASKER

Yep, I confirm with these settings, i just don't know how 192.168.3.55 knows to translate to 192.168.11.100? Thanks!
Shane McKeown

It knows since the TPLink's outside IP is 192.168.3.55 - so on the TPLink the Virtual server thing is basically saying

'Translate from WAN IP to 192.168.16.100'

You said 192.168.11.100? Is that a typo?
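
The two-stage translation described in the reply above, modelled as an added example (not part of the original thread) that checks whether each NAT layer forwards to an address the next layer actually owns. `NatDevice` and `trace` are hypothetical names, `203.0.113.10` is a placeholder for the WAN IP, and the /24 on the 192.168.16.x side is assumed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NatDevice:
    """One NAT layer: where it listens, what sits behind it, what it forwards."""
    name: str
    outside_ip: str                 # address the port forward answers on
    inside_net: str                 # subnet directly attached on the inside
    forwards: dict = field(default_factory=dict)   # port -> inside target IP

def trace(devices, port):
    """Follow an inbound connection through each NAT layer in order.

    Returns (hops, problem); problem is None when every layer hands the
    connection to an address the next layer (or the final host) owns.
    """
    hops, dst = [], devices[0].outside_ip
    for dev in devices:
        if dst != dev.outside_ip:
            return hops, f"{dev.name}: traffic arrives for {dst}, device listens on {dev.outside_ip}"
        target = dev.forwards.get(port)
        if target is None:
            return hops, f"{dev.name}: no forward for port {port}"
        if ipaddress.ip_address(target) not in ipaddress.ip_network(dev.inside_net):
            return hops, f"{dev.name}: target {target} is not on inside subnet {dev.inside_net}"
        hops.append(f"{dev.name}: {dst}:{port} -> {target}:{port}")
        dst = target
    return hops, None

WAN_IP = "203.0.113.10"   # constructed placeholder (documentation range)

# Addresses from the thread; the /24 on the 192.168.16.x side is assumed.
TPLINK = NatDevice("TP-Link", "192.168.3.55", "192.168.16.0/24",
                   {1089: "192.168.16.100"})
# Each layer forwards only to the next layer's outside address.
SONICWALL = NatDevice("SonicWall", WAN_IP, "192.168.3.0/24",
                      {1089: "192.168.3.55"})
# The first attempt in the thread: laptop address entered on the SonicWall.
SONICWALL_FIRST_TRY = NatDevice("SonicWall", WAN_IP, "192.168.3.0/24",
                                {1089: "192.168.16.100"})

if __name__ == "__main__":
    for chain in ([SONICWALL, TPLINK], [SONICWALL_FIRST_TRY, TPLINK]):
        hops, problem = trace(chain, 1089)
        print(*hops, problem or "chain is consistent", sep="\n")
```
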
shay911

ASKER

Ah ok, yes its a typo! sorry!!
Shane McKeown

Ok, so you're saying things aren't working now as is?

Exactly how are you testing this?

http://www.canyouseeme.org/ - does this show anything Open?

https://www.grc.com/x/ne.dll?rh1dkyd2 - this is a good site to show open ports as well, select Custom Port and enter 1089

Next thing we need to do is work on the Sonicwall side first - i.e. connect your laptop to the LAN ports on the Sonicwall first(i.e you'll need to setup IP on the laptop in the 192.168.3.x subnet)

Then test that the port is opened on the Sonicwall - once we confirm that we can then assume the TPLink is the issue...
shay911

ASKER

Yes, i am using canyouseeme.org and it shows 1089 to be closed, ok i'll try to connect directly to the lan and report back! Thanks
shay911

ASKER

Ok i tried with my laptop, no luck :(. still could not open the port.
Shane McKeown

Apologies there's one setting to change on the Sonicwall to make this test work


Destination
 - Original: WAN Primary IP
 - Translated: 192.168.3.55 - change this IP to the IP of the laptop you are testing with...

This is under the Network/NAT Policies area
shay911

ASKER

yep i did this :), but it did not work.
Shane McKeown

In the Firewall/Access Rules you definitely have these?

From Zone: WAN
To Zone: LAN
Service: 1089
Source: Any
Destination: Any

If so...I'm lost...that should work fine
Any chance you can post screenshot of the NAT rule(blank out your public IP for privacy) and the Firewall rules section? I can't see what could be wrong if you have everything as you say...

This basically means the Sonic isn't doing the forward...so we need to work on that first before bothering with the TPLink
shay911

ASKER

sure, here you go


Please note 3 nat policies Shay Private Server


on nat jpg its 1 4 and 7

Thanks
shay911

ASKER

here is the firewall access jpg
Shane McKeown

No attachments...
shay911

ASKER

here
shay911

ASKER

its not attaching for some reason could i email you? or should i find another way? may be upload?
shay911

ASKER

here trying again
Shane McKeown

When you click on the 'Attach File' link you need to then click 'Upload file' before clicking Submit - are you doing that?
shay911

ASKER

yes, i am.. it attaches, and then doesnt submit.
Shane McKeown

You also need to add Comments to each picture - try that as well(see my example)
I assume its JPG type files?
upload-section.jpg
Shane McKeown

Ok, your Destination is wrong on the Firewall-access page

It shows 'WAN Destination IP'
Should be 'ANY'

Change that and retest
Shane McKeown

Also what is Rule 4 on the NAT section doing?
shay911

ASKER

Ok changed it to Any, but it still won't work.
shay911

ASKER

no idea, i setup a public server wizard, but "Shays Private Server Services" is the port 1089 i am trying to open

Attached
what-is-4-doing.png
Shane McKeown

Disable it for a minute and retest...

Can't see anything else to change...this should work as is...its late over here so maybe I need a fresh look in morning...but disable rule 4 for the test just to see as i can't see why its needed - was this the original rule you setup by any chance?
shay911

ASKER

ah no it was setup automatically by the wizard... ok see you in the morning, thanks!
shay911

ASKER

i tried disabling it, but it still won't work! thanks
Shane McKeown

Hi @shay911

Can you confirm - are the 'Karachi Home Camera' rules working ok? Just want to see if ANY of the rules on this sonicwall are working...
shay911

ASKER

yes on my public ip with its respective port, i am able to connect to it and can see that port open on canyouseeme.org thanks
Shane McKeown

Those rules are confusing me here...

Rule 5 says

Source - Karachi Camera(what ip is this?)
Translated - WAN IP
Destination - Any
Translated - Original

That in layman terms means from INSIDE to OUTSIDE - not OUTSIDE to INSIDE(which NAT rule usually is)

Change the last rule(the one we can't get working) to

Source - Shay's private server
Translated - WAN IP
Destination - Any
Translated - Original

I'm very confused sorry...rules appear to be backwards to what I normally see
Shane McKeown

Actually better question - how did you create the Camera rules? By wizard?
shay911

ASKER

which number should i change? thanks
shay911

ASKER

I did not create, another of my colleague did, but he is not available!
shay911

ASKER

Shay's private server <= ip of this is 192.168.3.55 same as the one for shays private server.
Shane McKeown

Source - Karachi Camera(what ip is this?)
shay911

ASKER

Source - Karachi Camera also equals 192.168.3.55 thanks
Shane McKeown

Ok...so how do you know you have remote access to the camera system if its pointing to the same IP as the private server?

Are you saying that on Canyouseeme.org when you test for the camera ports you are showing OPEN but when testing for the Shay's private services port you are showing CLOSED?

If so you need to change Rule7 to

Source - Shay's private server
Translated - WAN IP
Destination - Any
Translated - Original
shay911

ASKER

yes, this is the exact problem camera port is open but the new port isn't i tried editing the rule 7 but i got an error here is a snap
tried-changing-the-7th-rules.png
Shane McKeown

Change the Outbound Interface to X1(like the other rules have)
shay911

ASKER

Oh hang on i made those changes.. but cannot see it opened on canyouseeme.org
shay911

ASKER

when i changed the output to X1 it says "Error: Duplicate policy exists"
Shane McKeown

Apologies...I see that now - Rule4 is already setup like that...

Delete Rule7 for now and retest...

Now if it DOESN'T work - we need to check the Firewall rules for NatRule5&6 to match it...
shay911

ASKER

ok deleted, still doesn't open on canyouseeme.org
Shane McKeown

Ok - next check the Firewall section - check the rules that are relevant to the Camera's device...check that the rule for the ShayPrivateService are the SAME as those rules...if you can access the camera's port from outside that has to be the last thing in the loop
shay911

ASKER

damn, yes they are exactly the same, except the port of course... i even disabled my windows firewall on my laptop but i dont know if it would help, but it didn't.:(
Shane McKeown

Going to step back here a bit...

This camera port that is OPEN - is it running on your laptop?
shay911

ASKER

No, its a camera, connected to the same wireless router, 192.168.16.x

the ip given to the camera is 192.168.16.111 port 1086
the ip given to my laptop is 192.168.16.100 port 1089

however the 1089 aint opening.
Shane McKeown

Why is your laptop 192.168.16.100? Aren't we still connected to the Sonicwall to do all this testing?

We need to verify the Sonicwall config before we move back to the TPLink config...sounds like you are still behind the TPLink if your laptop has that ip...

Your laptop should be 192.168.3.55 for this testing to work - and connected to the Sonicwall lan port
Shane McKeown

If you are happy that the Sonicwall is setup correctly then you now need to match the rules on the TPLink for the camera's so that the new 'shay private' machine has the same rules...
shay911

ASKER

Ok i restarted my pc, and a very interesting thing is happening, i still connect connect from my local ip, but when i connect to my VPN, and i telnet to my public ip for that port, i can connect..  any idea why this is happening?
Shane McKeown

Not sure what you mean by 'I still can't connect from my local ip'

When you connect to a VPN that gives you an IP on your internal network...so that's nothing to do with ports on your router...VPN connection basically puts you 'on' your local lan - or it appears you are on your local lan even though you are sitting at home - cause you are allocated an IP address from the VPN pool(which is local to your lan)

So that will always work...

Real test here is from a machine on the OUTSIDE of your network - are you not testing like that? If not then we've been wasting time here...explain how you've been testing this please
shay911

ASKER

Thank You for your detailed help, you were wonderful... after everything you helped with, i only changed ALL to tcp on my wireless router, and it worked like a charm!!