![]() IP, Service=(81, 444, 554), Action=Allow, Users Included=All, Users Zone=WAN, To Zone=LAN, Priority=1, Source=Any, Destination=Public WAN You can't do this as a service group because your translating the ports, example: 81=>80, and 444=>443. Translated=Original, Destination Original=Public WAN IP, Destination Service Group, no luck) - Source Original=Any, Source Create 3 NAT policies for each port (I also tried creating a This way, if the DVR gets hacked, your limited to other devices on the DMZ and not having your LAN attacked. Second, could you possibly, for security, setup a DMZ zone? If so, do that and move the DVR to the DMZ zone. Same for HTTP Management, move it off of 80 to something you rarely use.įirst check, do you have only ONE WAN connection? Or do you have multiple ISP connections? If more than one, are you setting the connection on the primary WAN? If the public IP address is NOT on the main WAN, you need to create a ROUTE rule to tell the firewall to go out the correct WAN port. where to start.Ok, first off DO move HTTPS Management to some other port. Check the log to make sure that your packets aren't being dropped for other reasons (e.g. Use the packet monitor on the SonicWALL to capture packets when you are hitting the service from your hotspotĤ. Ensure that your address objects are in the correct zonesģ. This will let you know if packets are actually hitting the rules.Ģ. Check the hit counters next to your NAT policy and Access Rule to verify that they are incrementing when you hit the services from your hotspot. Or possibly, look at the precedence of the NAT rules to make sure that your newest rules are highest on the list.ġ. 80, 443) since, I believe NAT operations happen before the access rule operations.Įdit: Yeah, actually, it occurs to me that you may need to change your SonicWALL's management ports to something other than 80 and 443 even if you are doing port redirection. You may need to allow the original service port (e.g. Though, you may want to try allowing "Any" for the service on your access rule for testing. That said, it sounds like your are doing the right things as far as the NAT policy and the Access Rule. I would highly recommend using a VPN or, at least, an SSH tunnel to access services on your LAN, especially unencrypted channels like HTTP. What am I missing? There are no other ports forwarded, these that I'm trying to open are the only ports.įirst of all, I have to say that having your DVR accessible on the public internet is not a good idea. There is nothing in the logs whatsoever about blocked access, the policies' RX/TX counters are counting when I try to browse to the web server externally. I gave it that port and the local IP address of the web server, and it created NAT and Access policies, but that port is also still closed to the outside world. I set the web server to use port 12767 instead of port 80. I had a thought that maybe the DVR was blocking traffic due to the traffic coming from the WAN, and so I set up a simple web server on a PC instead, and created the same policies on the SonicWall for it using the Everything is fine and accessible locally. Still, the external ports are closed according to online port checker tools. ![]() ![]() Create 3 Access Rules for each port (I also tried creating one policy using a Service Group, no dice)įrom Zone=WAN, To Zone=LAN, Priority=1, Source=Any, Destination=Public WAN IP, Service=(81, 444, 554), Action=Allow, Users Included=All, Users Excluded=None Create 3 NAT policies for each port (I also tried creating a Service Group, no luck) - Source Original=Any, Source Translated=Original, Destination Original=Public WAN IP, Destination Translated=172.16.16.247, Service Original=port 81, 444, 554, Destination Translated=HTTP 80, HTTPS 443, RTSP 554 The articles and videos I've looked at tell me to do the following, which I've done. I was wanting to use 81 and 444 externally to not interfere with the SonicWall management interface, so I created new service objects for those ports. I have forwarded ports lots of times in the past, so I'm not new to this stuff. I've watched SonicWall tutorials, read articles, searched these forums, and also went through the Public Server Wizard to set up Port Forwarding, but nothing works. Name: Slippi TCP, Protocol: TCP, Port Range: 49000 to 51000Ģ.Hi all, I'm trying to enable port forwarding on a SonicWall TZ 300 to allow external access to a no frills camera DVR box. I don't know anything about Slippi but after looking at the linked thread I THINK what you want to do is set up a new NAT policy for outbound traffic where you define the following parameters:īefore creating the rule go to Objects->Service Objects and create two new objects:ġ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |