jang430 Posted July 18, 2020

Hi. Anyone using Sophos XG18 as their firewall? I'm using the home version, which is free to use. I have docker containers in bridge mode. Deluge, Nextcloud, Syncthing, all using the same IP address as my Unraid Server. I don't know how to DNAT into Deluge, as I know Deluge requires opening of TCP and UDP ports. My Deluge is on ServerIP:8112. Anyone have an idea how to do it? So far, I have Sophos XG open port 12345. And when I use canyouseeme.org to check if the port is open, it says MyPublicIPAddress with port 12345 is open. Don't know where traffic is going to though, as we should route it to ServerIP:8112, right? Hope some of you have instructions on how to do this.

Ford Prefect Posted July 19, 2020

In general, I would not advise using the standard bridge for exporting services from unRaid to the outside world. In unRaid you can enable VLANs and then put these dockers in a specific VLAN-bridge or even use direct, individual IPs (macvlan) for the dockers, which is what I do. Then only use forwarding to these IP(s)/Ports inside your Firewall. As per your question, I don't quite understand what your problem is here. When you open port 12345 on your WAN side and forward this to server:8112, the port that appears open from the internet is that on the WAN:12345. So works as designed, doesn't it?

jang430 Posted July 19, 2020

Hi. Don't know how to assign individual IPs for different containers though. Hence, not using that setup for now. Will read about it. I've successfully opened the port, though I don't know how to direct it to server:8112. I want all traffic to port 12345 only be directed to server:8112, and not server:8080, or server:8989.

Ford Prefect Posted July 19, 2020

Hmmm... That's a Sophos XG specific question, I am afraid, and I don't use one. In general, you would want to place a rule inside your FW, allowing to forward (DNAT) traffic from WAN:12345 to LAN:8112, which is done via a DNAT rule. So the destination IP *and* destination port is part of that rule, hence you want to rewrite the port at destination. Check if there is such an option in the XG setting. Here's an example I found... it's in German, but Google Translate does a good job and screens are shown in English, too: https://www.itm-store.de/info-faq/how-tos-anleitungen/xg/allgemein/sophos-xg-firewall-dnat-zu-einem-internen-server

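The DNAT-with-port-rewrite behaviour described in the post above, as an added example that is not part of the original thread and is not Sophos XG configuration. It is a small Python model of destination NAT; the addresses, the TCP protocol, the first-match rule order and the names `DnatRule`, `translate` and `unexpected` are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation/private ranges), not from the thread.
WAN_IP = "203.0.113.10"
SERVER_IP = "192.168.1.50"

@dataclass(frozen=True)
class DnatRule:
    proto: str                     # "tcp" or "udp"
    wan_port: int                  # port matched on the WAN address
    to_ip: str                     # internal host that receives the traffic
    to_port: Optional[int] = None  # None means "keep the original port"

# The rule discussed in the thread: WAN:12345 -> server:8112 (TCP assumed).
RULES = [DnatRule("tcp", 12345, SERVER_IP, 8112)]

def translate(rules, proto, dst_ip, dst_port):
    """Return the (ip, port) an inbound WAN packet is rewritten to, or None."""
    if dst_ip != WAN_IP:
        return None
    for rule in rules:  # first match wins (assumption of this model)
        if rule.proto == proto and rule.wan_port == dst_port:
            port = rule.to_port if rule.to_port is not None else dst_port
            return (rule.to_ip, port)
    return None  # no DNAT rule matched: nothing is forwarded

def unexpected(rules, allowed_targets):
    """Return rules whose internal target is not on the allow-list."""
    flagged = []
    for rule in rules:
        target = translate(rules, rule.proto, WAN_IP, rule.wan_port)
        if target not in allowed_targets:
            flagged.append(rule)
    return flagged

if __name__ == "__main__":
    for port in (12345, 8112, 8080, 8989):
        print(f"WAN:{port} ->", translate(RULES, "tcp", WAN_IP, port))
    # A rule without port rewriting would expose server:8080 directly.
    extra = RULES + [DnatRule("tcp", 8080, SERVER_IP)]
    print("unexpected:", unexpected(extra, {(SERVER_IP, 8112)}))
```

The `unexpected` check is the kind of audit that helps when rebuilding a rule set by hand: list every WAN port, see which internal IP and port it lands on, and flag anything outside the services meant to be published.
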
jang430 Posted July 20, 2020

Thanks Ford, I believe they call it PAT, Port Address Translation I think. Don't know how to do it yet, but will read some more. Appreciate the help.

Ford Prefect Posted July 20, 2020

...in the screens shown in the link I pointed out, there is an option in the "Forward To" dialog-screen called "Change Destination Port(s)"... I believe this is what you need to check/change.

jang430 Posted July 20, 2020

Thanks @Ford Prefect, that's how I did it while I was in v17. Just 2 days ago, I upgraded to v18, hence I have this question. Hope you can shed some more light.

Ford Prefect Posted July 20, 2020

😕 ... unfortunately not. So you're saying you did an upgrade and the existing rules were not migrated properly? Go and get some decent software, I'd say 🙃

jang430 Posted July 21, 2020

I may have been to blame. After migration, there were a lot of rules that I don't understand, and I just deleted them. Now, I want to manually put them back.