Port Forward Troubleshooting Guide
Port forwards can be tricky. Below is a series of suggestions about getting port forwards to work.
- Read the Port Forwarding FAQs
- Verify that the destination host on the inside is using the Untangle as its default gateway. If not the packets won't find their way back to the outside machine.
- Verify that the destination service is reachable from the inside on the IP and port specified in your port forward rule. Many hours have been wasted on troubleshooting port forwards when the destination isn't working right.
- Test your port forward using 'telnet.' In windows you can run start->run and then you can type telnet 220.127.116.11 123 where 18.104.22.168 is your external IP and 123 is the port your port forward rule matches. If it connects and hangs then the port forward is working. If it fails to connect then your port forward is not working.
- Test your rule from the outside. Port forwarding back inside the network has extra complications. First verify that it works from the outside.
- Verify that Untangle can connect to the final destination. To do so open the console on Untangle and type 'telnet 192.168.1.10 123' where 192.168.1.10 is the internal server you are forwarding to and 123 is the port. If it connects then Untangle can reach the server. If it fails to connect Untangle can't reach the server and the port forward will probably not function until this part is working.
- For testing, turn off the "Firewall" application if you have it installed. Port forwards will not work if they are blocked by the firewall.
- Simplify your port forward rule. Remove extra qualifiers and make it contain as few as possible. For example specify just what port to forward and "Destined Local" and then which server to forward it to. If that works then add the extra qualifiers back one at a time testing each time.
- If you are port forwarding port 443 (HTTPS), try moving Untangle administration to another port so port 443 is available to be forwarded.
- Remove any "Source Port" and "Source Address" and "Source Interface" qualifiers - 99% of the time these are misused when "Destination Port" and "Destination Address" should be used instead.
- For advanced users, use tcpdump to debug and watch the packets. To do so, run these commands in seperate windows where 123 is the port you are trying to forward. This assumes you are forwarding external traffic (eth0 by default) to internal (eth1 by default). tcpdump -i eth0 -n "port 123" and tcpdump -i eth1 -n "port 123"
- Still not working? Post a screenshot of your port forward rule to the forums and along with your results from the above tests and ask for help.