Port Forwarding is not working from Wan to Lan
I am trying to connect to my Linux server at my workplace from my home office.
There are no special security settings on my home WAN/LAN.
My workplace is using a USG110 with a WAN IP, e.g. 85.42.126.48,
and my Linux server is MAC-bound to 192.168.1.49.
For security reasons I have to pass through [85.42.126.48:9001] -> [192.168.1.49:22] (TCP-SSH).
These are the settings I created in the USG110:
NAT rules
Port Mapping Type: Virtual Server
Incoming Interface: Wan1 (85.42.126.48)
Source IP: any
External IP: InterfaceIP_Wan1 (85.42.126.48)
Internal IP: Linux (192.168.1.49)
External Service Port: 9001
Internal Service Port: 22
Disable NAT Loopback
Policy Control
From: Wan (DHCP - 85.42.126.48)
To: Lan1 (STATIC - 192.168.1.254)
Source: any
Destination: Linux (192.168.1.49)
Service: Linux SSH (TCP:22 UDP:22 PFSSH:9001)
User: any
Schedule: none
Action: Allow
After setting up the port forward I tried to access the Linux server with SSH from my home office, and it fails with a timeout error.
But it is okay to connect from within the LAN environment [my workplace] using 85.42.126.48:9001.
I also tried disabling the [Security Policy Control], but it is still not working.
BTW, I tried changing the NAT rule's External Service Port to 22; as a result I can access my workplace's Linux server from home using 85.42.126.48:22.
Can anyone give me a hand with what I have set up wrong?
Accepted Solution
-
Hi @Viols,
Here are the configuration and test result.
Topology:
Internet----(wan: 10.214.48.69)USG110(lan1:192.168.1.1)------(192.168.1.33; SSH: port 22)server
NAT rule:
Forward port 9001 to 22
Security policy rule
Test Result:
Access the server via SSH 10.214.48.69:9001 successfully.
You need to check if there are other NAT rules with the same original port 9001 even if the internal IPs are different.
5
All Replies
-
I think I found the problem… my workplace's ISP blocks a list of ports…
After testing with some ports, I finally got this answer…
My settings are okay, but 9001 is not allowed by my ISP…
0
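A way to tell the cases in this thread apart from the outside network, as an added example that is not part of the original posts: it probes the forwarded ports on the WAN IP and separates a silent drop (timeout) from a reset (refused) from a working forward (SSH banner). The function names `probe` and `summarize` and the hint wording are assumptions made for this sketch.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64).decode("ascii", "replace").strip()
            except OSError:          # connected, but no greeting within timeout
                banner = ""
            return "open", banner
    except ConnectionRefusedError:   # RST came back: the packet reached a host
        return "refused", ""
    except socket.timeout:           # nothing came back: dropped on the way
        return "timeout", ""
    except OSError as exc:           # e.g. no route, name resolution failure
        return "error", str(exc)

def summarize(results):
    """Map {port: (state, banner)} to a hint about where packets are lost."""
    any_open = any(state == "open" for state, _ in results.values())
    hints = {}
    for port, (state, banner) in results.items():
        if state == "open":
            hints[port] = "forward works end to end " + (banner or "(no banner)")
        elif state == "refused":
            hints[port] = "reached a host, but nothing listens or a rule rejects"
        elif state == "timeout" and any_open:
            hints[port] = "port-specific drop: same WAN IP answers on other ports"
        elif state == "timeout":
            hints[port] = "dropped: policy, missing NAT rule, or host unreachable"
        else:
            hints[port] = "local problem: " + banner
    return hints

if __name__ == "__main__":
    # Usage (run from the outside network): python3 probe.py <wan-ip> 9001 22
    if len(sys.argv) >= 3:
        host = sys.argv[1]
        results = {int(p): probe(host, int(p)) for p in sys.argv[2:]}
        for port, hint in summarize(results).items():
            print(f"{host}:{port} {results[port][0]:8} {hint}")
```

A timeout on one external port while another port on the same WAN IP returns an SSH banner points at filtering of that specific port or a conflicting rule, not at the server itself.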