Have been tasked with making some config changes to a router not originally configured by me, and figuring out what all they've done has put my brain almost to the point of meltdown.
My final task is to set up a couple of firewall filtering rules, should be simple right... but I know at this point I've been staring at the screen for far too long and I'm missing something very simple.
We have 3 separate servers sitting on the LAN side (10.0.1.12, .13 and .14) with a proprietary service listening on port 12500.
From the outside we have one WAN IP... port 12612 is dst-NAT to 10.0.1.12:12500, 12613 to .13 and 12614 to .14.
Have put the filtering rules in the forwarding chain, stuffed amongst the existing rules that were there. The 3 rules have dst-port 12612, 12613 and 12614 set; however, testing attempts all seem to rather hit a single existing rule that was set with dst-port 12500.
What am I missing to get a filter rule that triggers on the port number the internet user is connecting to (i.e. 12612, 12613, etc.) rather than the port that resides at the inside end of the NAT (i.e. 12500)?
Know I'm going to kick myself, or remember the minute I click submit... but...
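The symptom described above, modelled as an added example that is not part of the original post: dst-NAT rewrites the destination before the forward filter chain is evaluated, so forward rules are matched against the translated address and port. The WAN address, the rule labels and the rule order are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

WAN_IP = "203.0.113.10"  # assumption: placeholder WAN address (documentation range)
# dst-NAT mappings from the post: WAN port -> (LAN address, LAN port)
DSTNAT = {12612: ("10.0.1.12", 12500),
          12613: ("10.0.1.13", 12500),
          12614: ("10.0.1.14", 12500)}

@dataclass(frozen=True)
class Packet:
    dst_addr: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str                       # hypothetical label, not a router setting
    dst_port: Optional[int] = None  # None means "any"
    dst_addr: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.dst_port in (None, pkt.dst_port)
                and self.dst_addr in (None, pkt.dst_addr))

def dstnat(pkt: Packet) -> Packet:
    """Rewrite the destination the way the post's dst-NAT rules do."""
    if pkt.dst_addr == WAN_IP and pkt.dst_port in DSTNAT:
        addr, port = DSTNAT[pkt.dst_port]
        return replace(pkt, dst_addr=addr, dst_port=port)
    return pkt

def forward_hit(rules, wan_port: int) -> str:
    """Name of the first forward rule hit by a connection to WAN_IP:wan_port."""
    pkt = dstnat(Packet(WAN_IP, wan_port))  # NAT happens first, then filtering
    return next((r.name for r in rules if r.matches(pkt)), "no-match")

# Rules as described in the post: three new ones on the WAN-side ports,
# plus the existing rule on 12500 (relative order assumed).
AS_POSTED = [Rule("new-12612", dst_port=12612),
             Rule("new-12613", dst_port=12613),
             Rule("new-12614", dst_port=12614),
             Rule("existing-12500", dst_port=12500)]
# Alternative: key each rule on the translated address and port instead.
PER_SERVER = [Rule(f"server-{h}", 12500, f"10.0.1.{h}") for h in (12, 13, 14)]

if __name__ == "__main__":
    for port in DSTNAT:
        print(port, forward_hit(AS_POSTED, port), forward_hit(PER_SERVER, port))
```

In this model the three WAN-port rules can never match in the forward chain, while rules keyed on the translated address still tell the three servers apart.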