
Port Forward to External IP

I have a TZ470 currently set up with an inbound port forward to a server internally, which is working as expected. That server needs to be moved to another location, but the inbound clients (500+) only allow for an IP to be programmed into them, so they're all pointing to a public IP behind that 470. Is it possible to port forward the inbound connection to another public IP that is not behind the SonicWall? So set up a new WAN address object, update the NAT policy, then update the inbound firewall rule from WAN-->LAN to WAN-->WAN. Also, create a new static route to point to the new public IP going over X1 if needed? This would only be temporary as the devices will be updated over the next month, but the move needs to happen before all the devices are able to be updated.

In theory I think that should be it, but in practice it doesn't appear to be working. If I do a packet capture I see the translated packets being sent out X1, but they don't appear to be received. I have a feeling it won't work since it seems like it would break the TCP handshake: the server will end up responding with a different public IP and won't send the SYN-ACK back to the SonicWall. But I thought I'd ask.

Category: Entry Level Firewalls

Answers

  • MarkD, Cybersecurity Overlord ✭✭✭

    Are you overcomplicating this? Use DNS.

  • Arkwright, All-Knowing Sage ✭✭✭✭

    I don't know what the name for this is, but the NAT policy needs to be bidirectional. The translated source needs to be the X1 IP, because the translated destination has to reply back to your firewall, because the clients will not accept a response from a different IP than they were talking to.

    Having said that:

    "If I do a packet capture I see the translated packets being sent out X1 but they don't appear to be received."

    Packet capture never lies. If the packets are leaving your firewall but not reaching the destination then it's never going to work. How have you confirmed that they're not reaching the destination?
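To show why the translated source matters, here is a small Python model of the WAN-to-WAN forward discussed in this thread. It is an added example, not SonicWall code or anything posted in the thread; all addresses, ports and the NAT-table layout are constructed assumptions, and the point it demonstrates is that without source translation the server's SYN-ACK goes straight to the client from an address the client never contacted.

```python
from collections import namedtuple

# Each packet side is an (ip, port) pair. All values below are constructed.
Packet = namedtuple("Packet", "src dst")

X1_IP = "203.0.113.10"           # assumed: SonicWall WAN (X1) address
NEW_PUBLIC_IP = "198.51.100.20"  # assumed: server's new public address
CLIENT_IP = "192.0.2.50"         # assumed: one of the inbound clients
SERVICE_PORT = 8443              # assumed: forwarded service port


class Firewall:
    """Minimal stateful NAT: one policy plus a reverse-translation table."""

    def __init__(self, translate_source):
        self.translate_source = translate_source
        self.table = {}  # (translated src, translated dst) -> original client

    def inbound(self, pkt):
        """Apply the WAN->WAN NAT policy to a packet that arrived for X1_IP."""
        if pkt.dst != (X1_IP, SERVICE_PORT):
            return None  # not covered by the policy
        src = (X1_IP, 40000 + len(self.table)) if self.translate_source else pkt.src
        out = Packet(src, (NEW_PUBLIC_IP, SERVICE_PORT))
        self.table[(out.src, out.dst)] = pkt.src
        return out

    def reply(self, pkt):
        """Reverse-translate a server reply that came back to X1_IP."""
        client = self.table.get((pkt.dst, pkt.src))
        if client is None:
            return None  # no matching state: dropped
        return Packet((X1_IP, SERVICE_PORT), client)


def internet_deliver(pkt, fw):
    """Route by destination IP: only traffic for X1_IP reaches the firewall."""
    return fw.reply(pkt) if pkt.dst[0] == X1_IP else pkt


def simulate(translate_source):
    """Return (client_accepts_syn_ack, packet the client actually saw)."""
    fw = Firewall(translate_source)
    syn = Packet((CLIENT_IP, 51234), (X1_IP, SERVICE_PORT))
    forwarded = fw.inbound(syn)
    syn_ack = Packet(forwarded.dst, forwarded.src)  # server answers what it saw
    seen = internet_deliver(syn_ack, fw)
    # A client only accepts a SYN-ACK from the exact IP:port it sent the SYN to.
    accepted = seen is not None and seen.src == syn.dst and seen.dst == syn.src
    return accepted, seen
```

`simulate(False)` reproduces the broken handshake described in the question, while `simulate(True)` shows the reply returning via X1 and being reverse-translated to the client.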
