Show Posts
1
General Discussion / I am having a heck of a time getting 1:1 NAT working
« on: November 22, 2018, 01:13:01 am »
Hellow All,
I am totally stumped on how to get 1:1 NAT working. I can see the outbound traffic from my device is getting translated properly, but inbound from the Internet to the device doesn't seem to be working. WHen I look in the logs I see (IPs have been changed from the actual addresses):
Internal IP of device to be made available to the Internet: 10.2.195.70
The NAT IP for the device: 111.11.163.164
External IP that is attempting to connect to the device: 4.4.157.227
The WAN IP of the firewall: 111.11.163.161
Interface Time Source Destination Proto Label
LAN Nov 21 18:03:43 111.11.163.161:12087 10.2.195.70:80 tcp let out anything from firewall host itself
WAN Nov 21 18:03:43 4.4.157.227:48980 10.2.195.70:80 tcp USER_RULE
And when I look in the States dump I see:
all tcp 10.2.195.70:80 (111.11.163.164:80) <- 4.4.157.227:48982 CLOSED:SYN_SENT
all tcp 111.11.163.161:21077 (4.4.157.227:48982) -> 10.2.195.70:80 SYN_SENT:CLOSED
It looks like the packet is coming in OK, but the firewall for some reason isn't keeping track of that conneciton properly and is applying a NAT to it's own address instead of the one I setup.
What I did for the 1:1 NAT setup was:
Interface = WAN
External IP = 111.11.163.164
Destination IP: *
System Version: 18.7.7 (latest at the time of this post)
It has to be something simple as this is the first time I am setting this up. I am just stumped! - Thanks in advance for any suggestions.
I am totally stumped on how to get 1:1 NAT working. I can see the outbound traffic from my device is getting translated properly, but inbound from the Internet to the device doesn't seem to be working. WHen I look in the logs I see (IPs have been changed from the actual addresses):
Internal IP of device to be made available to the Internet: 10.2.195.70
The NAT IP for the device: 111.11.163.164
External IP that is attempting to connect to the device: 4.4.157.227
The WAN IP of the firewall: 111.11.163.161
Interface Time Source Destination Proto Label
LAN Nov 21 18:03:43 111.11.163.161:12087 10.2.195.70:80 tcp let out anything from firewall host itself
WAN Nov 21 18:03:43 4.4.157.227:48980 10.2.195.70:80 tcp USER_RULE
And when I look in the States dump I see:
all tcp 10.2.195.70:80 (111.11.163.164:80) <- 4.4.157.227:48982 CLOSED:SYN_SENT
all tcp 111.11.163.161:21077 (4.4.157.227:48982) -> 10.2.195.70:80 SYN_SENT:CLOSED
It looks like the packet is coming in OK, but the firewall for some reason isn't keeping track of that conneciton properly and is applying a NAT to it's own address instead of the one I setup.
What I did for the 1:1 NAT setup was:
Interface = WAN
External IP = 111.11.163.164
Destination IP: *
System Version: 18.7.7 (latest at the time of this post)
It has to be something simple as this is the first time I am setting this up. I am just stumped! - Thanks in advance for any suggestions.