Mapping ports for specific source IPs 1

[pmf71]

I Need some help here, i don't know if i am doing something wrong, or if winroute is somehow not working correctly.

I want to allow certain specific IPs from the internet to be allowed in and mapped thru specific ports to specific private IPs. Port Mapping example:

Listen port : 5800
Listen IP : 1.2.3.4 (example)
Destination IP: 10.0.0.50
Destination port: 5800

Seems to me that this setting will make winroute allow the computer with public IP 1.2.3.4 to communicate with the computer with private IP 10.0.0.50 thru port 5800. But when i set this mapping, winroute still rejects packets from 1.2.3.4 sending a packet to port 5800. I've tried different source IPs, other ports, but winroute refuses to let this specific IP in.
Now, If i set the listen IP to ANY, it works, perfectly. But of course, i dont want just anybody to be able to get in thru port 5800. And i am certain the IP i specify to let in, is the correct IP. The IP that is rejected (in the security log) is EXACTLY the IP that i specified in the port mapping.

I think this is very weird, to my knowledge there are no other setting that have to be made, or are there? If any of you who have read this, and have experience in mapping specific public IPs, please let me know your findings and/or suggestions.

Thanx in advance.

 

[Nordlund]

The IP number 10.0.0.50 is an internal address and is "illegal" on the I-net.

Set the destination IP to "Firewall" instead.
Then you can also MAP the port 5800 to you internal 10.0.0.50 address...

( See my post: thread888-513977 )
//Nordlund

 

[pmf71]

NOTE: This is *NOT* Kerio Firewall, it's Kerio Winroute PRO 4.2
which is a firewall + NAT(PAT) router for internet sharing.

Winroute does not have an option "firewall" as destination IP, you can only fill in a destination IP, which must be an ip in the internal network ip range.

 

[neoadmin]

from what I remember of Winroute PRO 4.2 (I'm on v5.0 now) I would set the listen/source ip as any, and then just make an address group and only allow connections based on what was in a certain address group.

That way i could add as many ip's to my address group as i wanted and not have to change port mapping..

hope this helps..

 

[pmf71]

To Neoadmin:

I'd like to ask you if you can help me with the advice you gave me. I have a little knowledge of NAT/PAT, but the use of address groups and such is new to me.

thanks in advance!

 

[jc718]

make sure your packet filtering rules are not set to deny/drop those packets. otherwise, they'll never make it through to get forwarded.

if you don't have any rules explicitly dropping those packets, then you may need to create a rule explicitly allowing them. (i can't tell you for sure because i have an end 'drop all' rule, so i always need to create an allowing rule for any packets initiated by an external host.)

 

[pmf71]

Thanks for the replies, but i have sorted it. I was doing something wrong. Winroute still rulezzzzzz

thanks for the help folks!