Port forwarding

gerald_FS (Gerald) 2017-10-15 20:38:45 UTC #1

Hello,

I want to establish a port forwarding, but as always I am stupid of my stupidity

Under port forwarding I entered the source and destination port, as well as the local computer.
He writes in the gui that he has entered it, but it does not work, no access from outside.
Property already times the service shorewall (firewall) restarted - no change.

greetings
Gerald

mrmarkuz (Markus Neuberger) 2017-10-15 20:49:32 UTC #2

Hi @gerald_FS,

looks correct but is the IP behind Host steuerung.nandlnet.de the internal one? I ask because I could reach steuerung.nandlnet.de via www, it’s a Nethserver

gerald_FS (Gerald) 2017-10-15 20:54:13 UTC #3

this is a local computer, which only listens to the udp port. my local domain is also nandlnet.de and a computer has the hostname steuerung

mrmarkuz (Markus Neuberger) 2017-10-15 21:13:31 UTC #4

I meant if there is a local ip in the firewall objects page:

Are you able to do other port forwardings? Maybe your provider does firewalling, or you have a router between internet and your port forwarding Nethserver.
I assume the Steuerung is reachable from internal network.

gerald_FS (Gerald) 2017-10-16 15:50:08 UTC #5

Correctly, internally it is attainable.

My Provider has nothing in between, also the rout which I use gives everything to the NS further.
There, however, the firewall blocks everything.

A host I can not create firewall because this is in the DNS with entry is provided.
“Host Identität wird schon benutzt” (Host identity is already in use)

In which files should this forwarding be deposited?
Property times yesterday times in the directory etc / shorewall looked but these are all empty or have only the standard entries …

pike (Michael Kicks) 2017-10-16 16:12:53 UTC #6

Hi @gerald_FS, don’t forget that not everyone can easily read german (at least, it seems to me), so if you’re willing to take screenshots for post on forum, maybe should be easier to understand if you login in english on nethgui.

gerald_FS (Gerald) 2017-10-16 16:39:28 UTC #7

Uppss, right, you’re right!

In the zeal of the fight, I just made a screenshot.

gerald_FS (Gerald) 2017-10-16 17:26:31 UTC #8

Here are my screenshots:
1x DNS
1x port forwarding
1x Output when creating a host under Firewall Objects

mrmarkuz (Markus Neuberger) 2017-10-16 18:50:16 UTC #9

When you do port forwarding you can select the dns hosts and the firewall object hosts.
If you have a host in dns then you can’t create a firewall object host with same hostname but you may just take another name in the firewall objects host, important for port forwarding is just the ip address, not the name:

gerald_FS (Gerald) 2017-10-18 18:57:49 UTC #10

hello thanks for your help!

Exactly the host entry was what was missing.

Somehow it is somewhat illogical that one after the portforwarding, still a host entry in the firewall must create …

But now it is - THANK YOU!

pike (Michael Kicks) 2017-10-20 11:55:08 UTC #11

As best practice for object-driven firewall interface, you have to create the “raw materials” (object like services, addresess, hosts, subnets) before combine them to create “goods” (firewall rules, routing rules, policy routing).
It will help you a lot when “raw materials” will change, because it will apply on every rule you wrote before, without put you in urge to check every single rule/route…