Help redirecting port/service to LAN server
I've spent several hours reading documentation and trying different things, but I'm not able to allow connections from WAN to specific IPs inside the LAN.
This is the first time I've configured a firewall like this, but I have basic knowledge of basic concepts like port/service redirection or translation, etc. From what I see, it shouldn't be that hard, and I think it should work with what I've done so far but... it doesn't work.
The Firewall I'm trying to configure is a TZ 300, with SonicROM 5.6 and SafeMode 6.2.
What I want to achieve is:
Using the public IP address of our office, allow external connections to a SQL Server we host here. The idea is to allow only connections from our physical shops (they use a custom app to connect to our office to handle sales, invoices, etc.).
Currently we are using a VPN connection, but apparently it's having some issues and my boss wants to change it and use the firewall.
What I've done so far:
1) Redirected port 1433 on the ISP router (also 21 for some other tests) and pointed it to the public SonicWall IP (X1).
2) I have created 3 address objects:
- The LAN private IP for the server.
- The LAN public IP for the server.
- My cellphone 4G IP for testing (currently trying with Android SQL Client)
3) Also, I created a NAT Policy.
Original Destination: Public (192.168.1.31)
Translated Destination: Private (192.168.0.102)
4) And finally I added the Firewall rule.
Destination: Public (192.168.1.31)
When trying to connect, the Android app reports ECONNREFUSED.
I also tested an FTP connection:
To avoid playing dangerous games with a working firewall and database with traffic, I've tried something similar but with the FTP service, redirecting the traffic to my computer. I've tried both from my cellphone, and also with another "address object" with our public IP and connecting using FileZilla on my computer.
In any case, I noticed that the NAT Policy reports +5 usage count every time I try to connect (with ECONNREFUSED too), but the Firewall rule reports "0" usage.
I also disabled the Firewall rule that said "WAN to LAN, Deny Any".
I'm completely lost here.
What am I missing?
While checking things, I saw that "X1 IP" is defined as 192.168.1.30.
Using Android Fing App to search for devices, it reports 192.168.1.30+2 as a SonicWall Router (NSA 3500)
In our office we use 192.168.0.3 as the Internet gateway (configured as "X0 IP" on the SonicWall panel).
Also, the SQL Server is listening on port 1433. I've also opened my computer's port 21 on the Windows firewall.
If you need any other information please let me know.
Thanks in advance for any reply.