Port Forwarding is not working from Wan to Lan
I am trying to connect from my home office to my Linux server at my workplace.
There are no special security settings on my home WAN/LAN.
My workplace is using a USG110 with a WAN IP, e.g. 85.42.126.48,
and my Linux server is MAC-bound to 192.168.1.49.
For security reasons I have to pass through [85.42.126.48:9001] -> [192.168.1.49:22] (TCP-SSH).
These are the settings I created in the USG110:
NAT rules
- Port Mapping Type: Virtual Server
- Incoming Interface: Wan1 (85.42.126.48)
- Source IP: any
- External IP: InterfaceIP_Wan1 (85.42.126.48)
- Internal IP: Linux (192.168.1.49)
- External Service Port: 9001
- Internal Service Port: 22
- Disable NAT Loopback
Policy Control
- From: Wan (DHCP - 85.42.126.48)
- To: Lan1 (STATIC - 192.168.1.254)
- Source: any
- Destination: Linux (192.168.1.49)
- Service: Linux SSH (TCP:22 UDP:22 PFSSH:9001)
- User: any
- Schedule: none
- Action: Allow
After setting up the port forward I tried to access the Linux server with SSH from my home office, and it is not working; I get a timeout error.
But it's okay to connect in the LAN environment [my workplace] using 85.42.126.48:9001.
I also tried disabling the [Security Policy Control], but it is still not working.
BTW, I tried changing the NAT rule's External Service Port to 22; as a result I can access my workplace's Linux server from home by using 85.42.126.48:22.
Can anyone lend a hand and tell me which setting I have wrong?
Accepted Solution
Hi @Viols,
Here are the configuration and test results.
Topology:
Internet----(wan: 10.214.48.69)USG110(lan1:192.168.1.1)------(192.168.1.33; SSH: port 22)server
NAT rule:
Forward port 9001 to 22
Security policy rule
Test Result:
Accessed the server via SSH at 10.214.48.69:9001 successfully.
You need to check if there are other NAT rules with the same original port 9001 even if the internal IPs are different.
All Replies
I think I found the problem… my workplace's ISP has blocked a list of ports…
After I tested with some ports, I finally got this answer…
My settings are okay, but 9001 is not listening by my ISP…
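The port-by-port test described in the last reply, as an added example that is not part of the original thread: it classifies a TCP connect attempt and combines the results seen from outside and from inside the LAN. The function names and result labels are assumptions made for this illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed end to end
    except ConnectionRefusedError:
        return "refused"           # RST received: packets arrive, nothing accepts
    except (socket.timeout, TimeoutError):
        return "timeout"           # SYN silently dropped somewhere on the path
    except OSError:
        return "unreachable"       # no route, ICMP unreachable, etc.

def diagnose(wan, lan, port):
    """wan and lan map external port -> probe() result, measured from outside
    and from inside the LAN against the same WAN address."""
    outside = wan.get(port)
    if outside == "open":
        return "ok"
    other_open = any(r == "open" for p, r in wan.items() if p != port)
    if outside == "timeout" and lan.get(port) == "open" and other_open:
        # The forward works from the LAN and the WAN path works for another
        # port, so only this port is dropped on the way in. Candidates named
        # in the thread: an ISP port filter, or another NAT rule that uses
        # the same original port.
        return "port-specific-drop"
    if outside == "refused":
        return "rejected-not-dropped"
    return "inconclusive"

if __name__ == "__main__":
    # Constructed results matching the thread: 9001 times out from home,
    # works from the office LAN, and external port 22 works from home.
    wan_seen = {9001: "timeout", 22: "open"}
    lan_seen = {9001: "open"}
    print(diagnose(wan_seen, lan_seen, 9001))
```

To take live measurements, call `probe()` with the WAN address and each candidate port from both locations and feed the results to `diagnose()`.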