  1. #1
    Newbie
    Join Date
    Feb 2020
    Posts
    9

    Rules on port forwarded ports not working?

    Hi there,

    I set up a port forward rule for something. It works great. I forward port 20500 to some inside device 10.10.10.25:12200.
    I want to restrict access to port 20500 from the outside, but that port shows up nowhere in the reports to block.

    What I do see in Firewall's All Events is connections from remote clients directly to 10.10.10.25:12200, but nothing going to 20500 on Untangle.

    What am I missing? Thanks!

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,516


    Add conditions to the port forward rule to restrict the port forward to specific source addresses and such.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Feb 2020
    Posts
    9


    Thanks, but that doesn't have all I want. I'd like to block by country and stuff. I guess it works if I make that rule from remote client to 10.10.10.25:12200, but that's a bit unintuitive.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,516


    Use the firewall app for country blocking. I personally use it.

    - Make a policy for all the port forwards to use.
    - Add firewall app to this policy.
    - Add firewall rule as below.

    firewall-country-rule3.png.jpg
    Last edited by jcoffin; 02-21-2020 at 09:30 PM.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,186


    All of the rack applications work post NAT. All of the networking tab is pre NAT.

    So if you want to make a firewall rule, it's going to match on the destination and port INSIDE. That is to say the NEW address and the NEW port from the forward rule.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
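
The ordering described in the post above (port forward first, rack applications afterwards) can be modelled in a few lines. This is an added example, not part of the original thread and not Untangle code; the gateway address, the country table and the rule format are constructed for illustration, and only the 20500 to 10.10.10.25:12200 forward comes from the thread.

```python
# Added illustration: a toy model of "port forward first, Firewall app after".
# WAN_IP, GEO and the rule dictionaries are constructed assumptions.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

WAN_IP = "192.0.2.1"  # constructed external address of the gateway
FORWARDS = {20500: ("10.10.10.25", 12200)}  # the forward from the thread
# Constructed stand-in for a GeoIP lookup (documentation ranges, fake codes)
GEO = {ip_network("203.0.113.0/24"): "AA", ip_network("198.51.100.0/24"): "BB"}

def country(ip):
    addr = ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), "??")

def port_forward(pkt):
    """Pre-NAT stage: rewrite the destination if a forward rule matches."""
    if pkt.dst == WAN_IP and pkt.dport in FORWARDS:
        new_dst, new_port = FORWARDS[pkt.dport]
        return replace(pkt, dst=new_dst, dport=new_port)
    return pkt

def firewall(pkt, rules):
    """Post-NAT stage: first matching rule wins, default is pass."""
    for rule in rules:
        if (rule["dst"] == pkt.dst and rule["dport"] == pkt.dport
                and country(pkt.src) in rule["countries"]):
            return rule["action"]
    return "pass"

def handle(pkt, rules):
    seen = port_forward(pkt)  # this is the packet the firewall sees and logs
    return seen, firewall(seen, rules)

# Written against the outside port: never matches, 20500 is already rewritten.
OUTSIDE_RULE = [{"dst": WAN_IP, "dport": 20500, "countries": {"BB"}, "action": "block"}]
# Written against the NEW address and NEW port: matches as intended.
INSIDE_RULE = [{"dst": "10.10.10.25", "dport": 12200, "countries": {"BB"}, "action": "block"}]

if __name__ == "__main__":
    for rules in (OUTSIDE_RULE, INSIDE_RULE):
        for src in ("203.0.113.7", "198.51.100.9"):
            print(handle(Packet(src, WAN_IP, 20500), rules))
```

The logged packet always carries 10.10.10.25:12200 as its destination, which is why port 20500 does not appear in the Firewall events from the first post.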

  6. #6
    Newbie
    Join Date
    Feb 2020
    Posts
    9


    Quote: Originally posted by jcoffin
    Use the firewall app for country blocking. I personally use it.

    - Make a policy for all the port forwards to use.
    - Add firewall app to this policy.
    - Add firewall rule as below.

    firewall-country-rule3.png.jpg

    Got it, I do something like that that works fine. It was the clarification that Firewall happens Post-NAT that I needed. Thanks!

    Quote: Originally posted by sky-knight
    All of the rack applications work post NAT. All of the networking tab is pre NAT.

    So if you want to make a firewall rule, it's going to match on the destination and port INSIDE. That is to say the NEW address and the NEW port from the forward rule.

    Aaah that makes sense, thank you!

  7. #7
    Newbie
    Join Date
    Feb 2020
    Posts
    8


    Thanks, this one was useful.
