FW-1 Portforwarding woes

[simon84]

Hi everyone,

Im running 4.1SP6 on an IP330. I configured the external if with 10.10.1.14/24 and one internal if with 192.168.0.1/24. I have a test machine with IP 192.168.0.2 connected there. Connection to and through the firewall is fine and I've been able to setup NAT for the internal 192.168.0.0/24 network with the following Address translation rule : src localnetwork(192.168.0.0/24), dst any, service any/src fw3(hide), dst original, service original.
But I can't get a simple portforwarding to work. I would like to forward a single port, for example 666/tcp to a machine on the internal network on the same port. I've tried this rule : src any , dst fw3, service bbb(666/tcp)/src original, dst Neptun(static/192.168.0.2), service original.
I tried connecting to 666/tcp on 10.10.1.14 from a machine within the 10.10.1.0/24 network, but I just get connection refused and ethereal capturing on the 192.168.0.2 machine doesnt show anything either.
Firewall-1 logfile shows an entry with the corresponding xlatesrc,xlatedst,xlatesport and xlatedport entries.
What else can I check/am I doing wrong?

Greetings,

Simon

[Sergej]

You need to add both - NAT (PortForwarding) and Security Rule.

[wandererz]

Is your rule setup before or after your stealth rule? (needs to be before)