I have a problem with port forwarding on Watchguard. What do I want? I need to access, from the Internet via a public IP on a different port (let's say 9999), a Remote Desktop on a PC which is on the local network (Win 10).

What did I do?

  • I created a SNAT policy, where I chose External (with a certain IP address - my gateway-watchguard public IP),
  • Internal IP Address - I set it to my Win 10 PC on the local network (10.10.0.1)
  • I ticked the internal port as 3389 (RDP)

then,

  • I created a custom firewall policy with protocol TCP 9999 and I used it where I set FROM (as my public IP where my whole traffic goes in and out), and TO I set as SNAT (public IP->10.10.0.1:3389)

Now, as I believe, the whole traffic which comes from outside my local network on port 9999 should be forwarded to 10.10.0.1 on port 3389?

But it's not working. I tried to connect via Windows RDP -> publicIP:9999 and nothing.

Any ideas what I am doing wrong?

Regards

Artur
  • If you only want to change the forwarded ports, you need port forwarding, not SNAT. Does it matter from which public IP you connect? If not, set port forwarding 9999->10.10.0.1:3389. You are confusing some terms, I suppose. **S**NAT changes the **source**, not the destination. – Lenniey Sep 20 '17 at 07:49
  • Hey, I have a few public IPs so I want to use that Watchguard's one, that's why I set which public IP, but probably that should also work as 'any external'. And I believe that on Watchguard there is no other way to set FROM which port TO which port (except using SNAT). – Artur Sep 20 '17 at 07:58
  • Oh my, I just checked the Watchguard docs, they use SNAT as _static_ NAT, not _source_ NAT. OK, so you're on the right track. To debug this, I'd set the external IP to _any_, then trace the packets on your Win10 machine, look if anything at all reaches port 3389. – Lenniey Sep 20 '17 at 08:03
  • OK, it's working now. Actually it was working from the beginning, but my WiFi provider blocked port 9999, so that's why the packets weren't going out. – Artur Sep 20 '17 at 10:34
  • Alright. Glad you got it working. You should answer your own question, then. – Lenniey Sep 20 '17 at 11:28

1 Answer
To achieve port forwarding on Watchguard you need to:

  • create a SNAT (static NAT) policy with the proper External source,
  • set the Internal IP Address to your wanted PC (local IP) and tick a different internal port (3389 in the case of RDP),
  • create a custom firewall with any selected port and set FROM (as the wanted External source) and IN as that SNAT.

That means that the whole traffic which comes from the external source on the selected port will be redirected to your PC in the local network on port 3389 (RDP).

Be sure that you are not blocking those ports.

Artur
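
A reachability check for the forward discussed in this thread, as an added example that is not part of the original posts or of WatchGuard's tooling. It separates a silently dropped connection (what the blocked port 9999 looked like from the client side) from a refused one, and confirms that the forwarded port really answers as RDP; the function name `probe_forward` and the address `203.0.113.10` are placeholders chosen for this example.

```python
import socket
import sys

# X.224 Connection Request with an RDP Negotiation Request (MS-RDPBCGR):
# TPKT header (4 bytes), X.224 CR TPDU (7 bytes), RDP_NEG_REQ (8 bytes).
RDP_CONNECTION_REQUEST = bytes.fromhex(
    "03000013" "0ee00000000000" "0100080003000000"
)


def probe_forward(host, port, timeout=5.0):
    """Classify one TCP attempt against a forwarded port.

    "timeout"     no answer to the SYN: dropped on the path (an upstream
                  filter on the client side, or no firewall policy matched)
    "refused"     a RST came back: the packet reached a device that
                  rejected it or had nothing listening on that port
    "unreachable" any other network error (no route, DNS failure, ...)
    "open-rdp"    TCP connected and the peer sent an X.224 Connection Confirm
    "open-other"  TCP connected, but the reply is not an RDP confirm
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(RDP_CONNECTION_REQUEST)
            reply = sock.recv(19)
        except OSError:  # reset or read timeout after the connect succeeded
            return "open-other"
    # TPKT version 3, and X.224 TPDU code 0xD0 (Connection Confirm) at byte 5.
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] & 0xF0 == 0xD0:
        return "open-rdp"
    return "open-other"


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder, not an address from the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 9999
    print(f"{target}:{port} -> {probe_forward(target, port)}")
```

Running it from two different networks (for example the WiFi provider and a mobile connection) shows whether a "timeout" follows the client's network or the firewall.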