Hello,
I'm having a problem with a fairly simple thing and I'm getting desperate. I need to forward traffic from the input fixed IP port 5001 to internal IP port 5151. I have set up the rule in NAT, but for some reason unknown to me it doesn't work (error "web not available - connection has been reset"). Can anyone give me some advice?
My firewall config:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=tarpit protocol=tcp dst-port=30555
1 chain=input action=add-src-to-address-list protocol=icmp address-list=allow-ip address-list-timeout=1h packet-size=1088
2 chain=input action=accept src-address-list=allow-ip
3 ;;; VPN: allow IKE
chain=input action=accept protocol=udp in-interface=ether1 dst-port=500
4 ;;; VPN: allow L2TP
chain=input action=accept protocol=udp in-interface=ether1 dst-port=1701
5 ;;; VPN: allow IPsec NAT-T
chain=input action=accept protocol=udp in-interface=ether1 dst-port=4500
6 chain=input action=accept protocol=ipsec-esp in-interface=ether1
7 chain=input action=accept protocol=ipsec-ah in-interface=ether1
8 chain=input action=drop protocol=udp dst-port=53
9 chain=input action=drop protocol=tcp dst-port=53,8728,8729,21,22,23,80,443,8291
10 chain=input action=drop protocol=udp in-interface=ether1 dst-port=53
11 chain=input action=drop protocol=tcp in-interface=ether1 dst-port=53
12 chain=input action=add-src-to-address-list protocol=udp address-list=DNS_ATTACK address-list-timeout=none-dynamic in-interface=ether1 dst-port=53 log=yes
13 chain=input action=passthrough
My NAT config:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=bridge1
1 ;;; masq. vpn traffic
chain=srcnat action=masquerade out-interface=ether1
2 chain=dstnat action=dst-nat to-addresses=server IP to-ports=3389 protocol=tcp src-address=remote IP dst-address=my "outer" fixed ip dst-port=9874
3 chain=dstnat action=dst-nat to-addresses=server IP to-ports=3389 protocol=tcp src-address=remote IP dst-address=my "outer" fixed ip dst-port=9874 log=yes
4 chain=dstnat action=dst-nat to-addresses=server IP to-ports=3389 protocol=tcp src-address=remote IP dst-address=my "outer" fixed ip dst-port=9874
5 chain=dstnat action=dst-nat to-addresses=server IP to-ports=3389 protocol=tcp src-address=remote IP dst-address=my "outer" fixed ip dst-port=9874 log=yes
6 chain=dstnat action=dst-nat to-addresses=server IP to-ports=3389 protocol=tcp src-address=remote IP dst-address=my "outer" fixed ip dst-port=9874
7 chain=dstnat action=dst-nat to-addresses=service ip to-ports=8001 protocol=tcp in-interface=ether1 src-port="" dst-port=8001
8 chain=dstnat action=dst-nat to-addresses=service ip to-ports=81 protocol=tcp in-interface=ether1 dst-port=81
9 chain=dstnat action=dst-nat to-addresses=service ip to-ports=554 protocol=tcp in-interface=ether1
10 chain=dstnat action=dst-nat to-addresses=nas server ip to-ports=5151 protocol=tcp dst-port=5001 log=no log-prefix=""
I have to connect my Synology NAS by DDNS (already set and looks "normal") with a Let's Encrypt certificate for HTTPS.
Thank you in advance for any suggestions.