EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 15 December 2024, 11:57:35 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Get the new Updates directly from Endian
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Port forwarding: Incoming to translate reversed?
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Port forwarding: Incoming to translate reversed? (Read 13356 times)
bolerodan
Jr. Member
Offline
Posts: 3
Port forwarding: Incoming to translate reversed?
«
on:
Saturday 29 September 2012, 07:40:49 am »
I'm having a weird issue on EFW 2.5.1
Attached is a photo
imgur.com/kdbH2
In my mind, port 8080 should be open to the world, that gets translated NAT to 192.168.8.199 port 22. However, it turns out that the reverse is true.. port 22 is open and port 8080 does nothing? am I missing something on the configuration of these rules?
and attached again is how I configure them
imgur.com/CsC0
I must be missing something obvious. I'm coming from pfsense, I would assume incoming port, would mean the incoming port from the WAN interface, in this scenario being 8080.. then translate it to an internal IP to port 22.
So in these screenshots, why is port 22 open to the world?
Thanks.
Logged
fqureshi
Sr. Member
Offline
Posts: 126
Re: Port forwarding: Incoming to translate reversed?
«
Reply #1 on:
Saturday 29 September 2012, 08:01:36 am »
Port 8080 is standard port for proxy. Both ports are not reachable from WAN until you define port forwarding rules or set system access under system access rules. Both ports could be translated into a different port which is translated by Endian/squid itself as a source port.
If you are saying that 22 is reacable from outside then you might have defined port forwarding rule or system access rule.
Secondly, incoming means on which interface it is received. It is not always WAN.
Hope this helps.
Logged
bolerodan
Jr. Member
Offline
Posts: 3
Re: Port forwarding: Incoming to translate reversed?
«
Reply #2 on:
Saturday 29 September 2012, 09:09:35 am »
Thanks a lot for the reply,
This is from a clean install, no rules or changes exist. With that configuration I can access port 22 which does not make sense. I also just tested that if I "disable" the rule, it is still accessible from the outside.
Another test I did was I changed the protocol type from ANY to TCP+UDP and THEN port 8080 translated to port 22 internally.
I'm at a lost at how this is supposed to work.
Logged
fqureshi
Sr. Member
Offline
Posts: 126
Re: Port forwarding: Incoming to translate reversed?
«
Reply #3 on:
Saturday 29 September 2012, 09:28:37 am »
I really doubt that how this is happening. Because on my new install and also on old running system I am not able to reach port 22 from outside however it is obvious that i can access from green which should be the case anyway.
Can you describe what you want to achieve?
Logged
bolerodan
Jr. Member
Offline
Posts: 3
Re: Port forwarding: Incoming to translate reversed?
«
Reply #4 on:
Saturday 29 September 2012, 11:32:51 am »
All I want to be able to do, is to port forward 8080 to an internal host running SSH, which is port 22. I dont want port 22 exposed, hence why I want to translate 8080->22
However this firewall is not working how I would think it would. Disabled rules still work, my config posted above should do what I want, however port 22 is exposed to the outside world when only port 8080 should be. Until I change protocol from any to TCP+UDP is when my rule works as I expect, that being, hitting the RED interface on port 8080 translates to the host running SSH on port 22 correctly.
Also, under the chrome web browser, editing an existing rule loses the translate to port field settings and becomes "ANY" when saved.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com