VyOS Port Address Translation for HTTPS
-
Here are the NAT rules.
rule 1 {
    description "NginX Proxy"
    destination {
        address XXX.XXX.XXX.43
        group {
            port-group HTTP_HTTPS
        }
    }
    inbound-interface eth0
    inside-address {
        address 10.202.1.16
    }
    log disable
    protocol tcp_udp
    type destination
}
rule 3 {
    description "RDS HTTPS"
    destination {
        address XXX.XXX.XXX.44
        port 443
    }
    inbound-interface eth0
    inside-address {
        address 10.202.1.13
        port 443
    }
    log disable
    protocol tcp
    type destination
}
rule 4 {
    description "RDS RDP"
    destination {
        address XXX.XXX.XXX.44
        port 3389
    }
    inbound-interface eth0
    inside-address {
        address 10.202.1.13
        port 3389
    }
    log disable
    protocol tcp
    source {
        group {
            address-group RDP_Allowed_IP
        }
    }
    type destination
}
rule 5 {
    description "PBX Restricted Port Forward"
    destination {
        address XXX.XXX.XXX.42
        group {
            port-group PBX_Ports
        }
    }
    inbound-interface eth0
    inside-address {
        address 10.202.1.9
    }
    log disable
    protocol udp
    type destination
}
rule 5000 {
    description "Nginx Proxy"
    destination {
    }
    log disable
    outbound-interface eth0
    outside-address {
        address XXX.XXX.XXX.43
    }
    protocol all
    source {
        address 10.202.1.16
        group {
        }
    }
    type source
}
rule 5002 {
    description "RDS HTTPS"
    log disable
    outbound-interface eth0
    outside-address {
        address XXX.XXX.XXX.44
        port 443
    }
    protocol tcp
    source {
        address 10.202.1.13
        port 443
    }
    type source
}
rule 5003 {
    description "RDS RDP"
    destination {
        group {
            address-group RDP_Allowed_IP
        }
    }
    log disable
    outbound-interface eth0
    outside-address {
        address XXX.XXX.XXX.44
        port 3389
    }
    protocol tcp
    source {
        address 10.202.1.13
        port 3389
    }
    type source
}
rule 5005 {
    description "Default NAT Masquerade"
    log disable
    outbound-interface eth0
    protocol all
    type masquerade
}
-
I'm working from the examples here...
-
just comparing my Nginx rules to yours, it all looks laid out right.
-
Did you apply the firewall rule to the interface?
-
@JaredBusch said in VyOS Port Address Translation for HTTPS:
Did you apply the firewall rule to the interface?
I've even rebooted!
-
Do you have a source rule to match this? or does the source rule work on the default masquerade? i.e. you only have a single static IP involved here.
-
You can see in my RDP rules that I have a source rule setup because it is a different IP than the default IP of the router.
-
@JaredBusch said in VyOS Port Address Translation for HTTPS:
Do you have a source rule to match this? or does the source rule work on the default masquerade? i.e. you only have a single static IP involved here.
I just removed the source rule to test. There is only one static IP at the moment.
-
Got it working. The firewall rule was in the wrong section of the firewall.
-
@scottalanmiller said in VyOS Port Address Translation for HTTPS:
Got it working. The firewall rule was in the wrong section of the firewall.
You had it on eth0 local instead of eth0 in?
-
@JaredBusch said in VyOS Port Address Translation for HTTPS:
@scottalanmiller said in VyOS Port Address Translation for HTTPS:
Got it working. The firewall rule was in the wrong section of the firewall.
You had it on eth0 local instead of eth0 in?
Yuppers.
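To make the fix in this thread concrete, here is an added configuration fragment (not posted by anyone in the thread) in the same brace format as the NAT rules above, pairing the RDS HTTPS forward with a firewall ruleset on eth0. The ruleset name WAN_IN and the rule numbers are assumptions. Destination NAT rewrites the destination before the firewall evaluates the packet, so the ruleset must be attached under in (the forwarded path) and match on the inside address 10.202.1.13; a ruleset attached under local only sees traffic addressed to the router itself and never sees the forwarded connection.

```vyos
firewall {
    name WAN_IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            /* Matches the post-DNAT inside address, not XXX.XXX.XXX.44 */
            action accept
            description "RDS HTTPS"
            destination {
                address 10.202.1.13
                port 443
            }
            protocol tcp
        }
    }
}
interfaces {
    ethernet eth0 {
        firewall {
            /* Correct: forwarded (NAT'd) traffic is checked here */
            in {
                name WAN_IN
            }
            /* Wrong placement from the thread, shown for contrast:
               local only covers traffic destined to the router, so
               rule 20 would never match and the forward stays blocked.
            local {
                name WAN_IN
            }
            */
        }
    }
}
```

After committing, rule 20's hit counter in "show firewall name WAN_IN statistics" is the quickest way to confirm the forwarded HTTPS traffic is actually reaching the in ruleset.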