Port Forward - Did I Do It Correctly?

Started by spetrillo, May 16, 2020, 02:17:09 PM

I need to port forward UDP 123, 500, 4500 out from a single address on my internal network. I set it up as follows:

Interface: WAN interface
Protocol: UDP
Source: Single Host or Network/192.168.x.x/24
Source Port Range: 123 to 123
Destination: Any
Destination Port Range: any/any
Redirect Target IP: Single Host or Network/192.168.x.x
Redirect Target Port: 123
Pool Options: Default

Is this correct??

Are you trying to make an internal server/device accessible to the internet? If so, your rule is misconfigured.

Interface: WAN interface
Protocol: UDP
Source: Any (unless you want to restrict what internet hosts can talk to your internal host)
Source Port Range: Any
Destination: WAN Address
Destination Port Range: <Use an alias containing the ports needed or clone the rules and make sure one exists for each port you need to pass>
Redirect Target IP: Single Host or Network (your internal server)
Redirect Target Port: Same as Destination port above
Pool Options: Default

Also, it looks like you are port forwarding for IPsec.  If that is the case you should also create a rule which is the same as above, but change the protocol from UDP to ESP.  This will disable all the port fields for the NAT rule since ESP is a protocol and does not operate on a "port" like TCP/UDP.

I have a device that needs ports 123, 500, and 4500 open. I have UPnP enabled but the device does not seem to use it. My next thought was to explicitly port forward.

Does that clarify?

As long as your WAN side is not a private subnet and you are just forwarding inside a private network, I assume you mixed source and destination.

On the WAN side with public internet, 192.168.x.x will never be a valid source IP.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
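
The checks raised in this thread, as an added example that is not part of any post: a small Python linter for an inbound port-forward rule on the WAN interface, described as a plain dict. The field names and the addresses 192.168.1.0/24 and 192.168.1.50 are constructed placeholders, not a firewall API or values from the thread.

```python
import ipaddress

# Constructed sample rules mirroring the two field layouts in the thread.
# Addresses are placeholders; the posts only show 192.168.x.x.
ORIGINAL_RULE = {
    "interface": "WAN", "protocol": "UDP",
    "source": "192.168.1.0/24", "source_port": "123",
    "destination": "any", "destination_port": "any",
    "redirect_ip": "192.168.1.50", "redirect_port": "123",
}
SUGGESTED_RULE = dict(ORIGINAL_RULE, source="any", source_port="any",
                      destination="WAN address", destination_port="123")
# ESP has no ports, so every port field stays unset ("any").
ESP_RULE = dict(SUGGESTED_RULE, protocol="ESP",
                destination_port="any", redirect_port="any")

def is_private(addr):
    """True if addr is a literal host/network in a private or reserved range."""
    try:
        return ipaddress.ip_network(addr, strict=False).is_private
    except ValueError:
        return False  # keywords such as "any", "WAN address", or an alias name

def lint_port_forward(rule):
    """Return findings for an inbound NAT rule; empty list means no issue found."""
    findings = []
    if rule["interface"].upper() != "WAN":
        return findings  # only inbound rules on WAN are checked here
    if is_private(rule["source"]):
        findings.append("source is a private range; it never arrives "
                        "from the public internet on WAN")
    if rule["destination"].lower() == "any":
        findings.append("destination is 'any'; match the WAN address instead")
    if rule["protocol"].upper() not in ("TCP", "UDP", "TCP/UDP"):
        return findings  # ESP and similar protocols have no port fields
    if rule["source_port"].lower() != "any":
        findings.append("source port is restricted; the suggested rule "
                        "leaves it as 'any' and matches the destination port")
    if rule["destination_port"].lower() == "any":
        findings.append("destination port is 'any'; list the forwarded ports")
    elif rule["redirect_port"] != rule["destination_port"]:
        findings.append("redirect port differs from destination port")
    return findings

if __name__ == "__main__":
    for name, rule in [("original", ORIGINAL_RULE), ("suggested", SUGGESTED_RULE),
                       ("esp", ESP_RULE)]:
        print(name, lint_port_forward(rule) or "ok")
```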