Port forwarding issue with two different ports

TimeCop79 · ‎03-15-2024

Hi

I have configured port forwarding on my FGT 60D to allow RDP access to 2 computers with the IP addresses 192.168.1.10 and .20, and the source ports 3389 and 3390. I created the virtual IPs for each and the policy. For the address 192.168.1.10/3389, RDP works perfectly, but for 192.168.1.20/3390, it doesn't work. The computers are connected through a router with a private address of 10.0.16.62. I even tried modifying the VIP of the address 192.168.1.10 with port 3390, but it still doesn't work. Thank you for helping me.

ozkanaltas · ‎03-15-2024

Hello @TimeCop79 ,

Could you share vip configuration with us?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

TimeCop79 · ‎03-16-2024

this the first VIP that works fine, the second VIP is same but with 192.168.1.20 as mapped ip and 3390 as external service port

ozkanaltas · ‎03-16-2024

Hello @TimeCop79 ,

I see that, you use private ip as a external ip. Did you do nat configuration on isp router for 3390. In this scenerio need to this. Also you can sniff the traffic for 3390. If you cant see any traffic. You need to look your isp router.

diagnose sniff packet any "port 3390" 4 0

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

TimeCop79 · ‎03-18-2024

1-for the 3389 it works, but for the 3390 no packet received with diagnose command,

2-for any other port than 3389 a i have to do nat on isp?

ozkanaltas · ‎03-18-2024

Hello @TimeCop79 ,

In my opinion, you need to check your router configuration. I think your router does not allow 3390 traffic.

Yes, you can configure nat on your ISP router for 3390.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

TimeCop79 · ‎03-18-2024

its small huwaei 4g isp (b311) , can't find nat settings

ozkanaltas · ‎03-18-2024

Hello @TimeCop79 ,

If your isp does not use customized firmware on your router you can review these documents about nat.

https://consumer.huawei.com/en/support/content/en-us15807087/

https://consumer.huawei.com/en/support/content/en-us15806329/

If your isp uses customized firmware, you can contact with them for this issue.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

TimeCop79 · ‎03-18-2024

could i resolve the problem with port mapping on isp ?

ozkanaltas · ‎03-18-2024

They should help with this matter. Or they should say, we are not allowed this. Because some ISPs don't allow this nat operation.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

Port forwarding issue with two different ports

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website