Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 04:11:25 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Port forwarding: Incoming to translate reversed?
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Port forwarding: Incoming to translate reversed?  (Read 13034 times)
bolerodan
Jr. Member
*
Offline Offline

Posts: 3


« on: Saturday 29 September 2012, 07:40:49 am »

I'm having a weird issue on EFW 2.5.1
Attached is a photo

imgur.com/kdbH2

In my mind, port 8080 should be open to the world, that gets translated NAT to 192.168.8.199 port 22. However, it turns out that the reverse is true.. port 22 is open and port 8080 does nothing? am I missing something on the configuration of these rules?

and attached again is how I configure them

imgur.com/CsC0

I must be missing something obvious. I'm coming from pfsense, I would assume incoming port, would mean the incoming port from the WAN interface, in this scenario being 8080.. then translate it to an internal IP to port 22.

So in these screenshots, why is port 22 open to the world?

Thanks.
Logged
fqureshi
Sr. Member
****
Offline Offline

Posts: 126


« Reply #1 on: Saturday 29 September 2012, 08:01:36 am »

Port 8080 is standard port for proxy. Both ports are not reachable from WAN until you define port forwarding rules or set system access under system access rules. Both ports could be translated into a different port which is translated by Endian/squid itself as a source port.

If you are saying that 22 is reacable from outside then you might have defined port forwarding rule or system access rule.

Secondly, incoming means on which interface it is received. It is not always WAN.

Hope this helps.
Logged
bolerodan
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Saturday 29 September 2012, 09:09:35 am »

Thanks a lot for the reply,

This is from a clean install, no rules or changes exist. With that configuration I can access port 22 which does not make sense. I also just tested that if I "disable" the rule, it is still accessible from the outside.

Another test I did was I changed the protocol type from ANY to TCP+UDP and THEN port 8080 translated to port 22 internally.

I'm at a lost at how this is supposed to work.
Logged
fqureshi
Sr. Member
****
Offline Offline

Posts: 126


« Reply #3 on: Saturday 29 September 2012, 09:28:37 am »

I really doubt that how this is happening. Because on my new install and also on old running system I am not able to reach port 22 from outside however it is obvious that i can access from green which should be the case anyway.

Can you describe what you want to achieve?
Logged
bolerodan
Jr. Member
*
Offline Offline

Posts: 3


« Reply #4 on: Saturday 29 September 2012, 11:32:51 am »

All I want to be able to do, is to port forward 8080 to an internal host running SSH, which is port 22. I dont want port 22 exposed, hence why I want to translate 8080->22

However this firewall is not working how I would think it would. Disabled rules still work, my config posted above should do what I want, however port 22 is exposed to the outside world when only port 8080 should be. Until I change protocol from any to TCP+UDP is when my rule works as I expect, that being, hitting the RED interface on port 8080 translates to the host running SSH on port 22 correctly.

Also, under the chrome web browser, editing an existing rule loses the translate to port field settings and becomes "ANY" when saved.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com