
I have a problem accessing an Oracle database with Oracle SQL Developer.

I'm using Watchguard m400 as my firewall/router and Windows Server 2012 R2 as Oracle DB Server.

I have a server with a local IP, let's say it's 10.10.10.10. I NATted it with s-nat to a global IP, let's say 210.210.210.210. I added a policy with ports 3389 - RDP and 1521 - Oracle. I can RDP to that server's global IP (210.210.210.210) from the local network or from a public one, but unfortunately I can't access that server at the global IP via Oracle SQL Developer (it works only from the local network to the local IP). Of course, on the server I have opened 3389 + 1521 in Windows Firewall.

Any ideas?

My s-nat looks like this: From Any to 210.210.210.210 -> 10.10.10.10 Policy with ports 3389, 1521

Regards.

jonhson
    Almost certainly it needs other ports open, and following @learley's suggestions will help you find which (maybe 'connection manager' on tcp 1630?) - but regardless, this is a bad idea to open things to the world; anyone could be brute forcing your Oracle server if you do this. Much more sensible would be to use the Watchguard's built-in VPN support - SSL VPN or IPSEC VPN - and then give VPN users access to LAN services... – TessellatingHeckler Apr 06 '16 at 20:59

1 Answer


Your rules seem correct as you have described them, and as you say the RDP portion works, so it seems to be defined correctly. In situations like this, I will generally turn on logging for the policy (default settings only log deny packets for a packet filter) and attempt the connection again with the application to confirm that the traffic is actually flowing as expected. Sometimes, the application will be attempting to connect on a port or service I was not expecting, or there is some routing/DNS/application configuration issue preventing the traffic from reaching the firewall in the first place.

You can get a live view using the Traffic Monitor feature in either the Watchguard Web UI or via the Firebox System Manager software. Watch the Traffic Monitor and attempt a connection. If you are getting a lot of log traffic at the time, it can also help to filter by your source IP address.

Traffic Monitor reference for Web UI: http://www.watchguard.com/help/docs/fireware/11/en-US/index.html#en-US/system_status/traffic_monitor_web.html

learley
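The check described in the answer above (log the policy, retry the connection, filter by source IP, look for ports you did not expect) can be scripted over exported log text. This is an added example, not part of the original answer or WatchGuard's tooling; the key=value log layout, the client address 198.51.100.7 and the sample lines are constructed assumptions, and port 1630 appears only because the comment guesses at it.

```python
import re
from collections import Counter

# Ports the page's policy forwards to 10.10.10.10 (RDP and the Oracle listener).
POLICY_PORTS = {3389, 1521}

# Constructed sample lines in a simplified key=value layout (assumption:
# this is NOT WatchGuard's real log syntax; adjust LINE_RE to your export).
SAMPLE_LOG = """\
2016-04-06T20:41:02 action=allow src=198.51.100.7 dst=210.210.210.210 proto=tcp dport=3389
2016-04-06T20:41:30 action=allow src=198.51.100.7 dst=210.210.210.210 proto=tcp dport=1521
2016-04-06T20:41:31 action=deny src=198.51.100.7 dst=210.210.210.210 proto=tcp dport=1630
2016-04-06T20:41:34 action=deny src=198.51.100.7 dst=210.210.210.210 proto=tcp dport=1630
2016-04-06T20:41:40 action=deny src=203.0.113.9 dst=210.210.210.210 proto=tcp dport=23
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)

def summarize(log_text, client_ip, public_ip):
    """Count (action, proto, dport) for one client talking to the NATted address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] != client_ip or m["dst"] != public_ip:
            continue  # other hosts' noise and unparseable lines
        counts[(m["action"], m["proto"], int(m["dport"]))] += 1
    return counts

def unexpected_ports(counts, policy_ports=POLICY_PORTS):
    """Destination ports the client tried that no policy port covers."""
    return sorted({port for (_, _, port) in counts if port not in policy_ports})

def missing_ports(counts, policy_ports=POLICY_PORTS):
    """Policy ports with no allowed hit (denied, or never reached the firewall)."""
    seen = {port for (action, _, port) in counts if action == "allow"}
    return sorted(policy_ports - seen)

if __name__ == "__main__":
    c = summarize(SAMPLE_LOG, "198.51.100.7", "210.210.210.210")
    print("unexpected:", unexpected_ports(c), "missing:", missing_ports(c))
```

A non-empty `unexpected_ports` result points at a port the application uses that the policy does not forward; a non-empty `missing_ports` result for the client means its traffic to a policy port was denied or never arrived.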