NAT configuration issues

Ethernaut · December 8, 2024, 10:08pm

Hi Guys,

I’m having trouble configuring NAT for the Remote Play app. Only port 9303 is being translated correctly, while the other ports aren’t being translated as expected, despite being included in the NAT rule, I need use all ports in TCP&UDP (both)

set firewall group port-group ps_network port ‘9295’
set firewall group port-group ps_network port ‘9296’
set firewall group port-group ps_network port ‘9297’
set firewall group port-group ps_network port ‘9303’
set firewall group port-group ps_network port ‘9304’
set firewall group port-group ps_network port ‘8572’
set firewall group port-group ps_network port ‘987’
set firewall group port-group ps_network port ‘9305’
set firewall group port-group ps_network port ‘9306’
set firewall group port-group ps_network port ‘9307’
set firewall group port-group ps_network port ‘9308’
set firewall group port-group ps_network port ‘9298’
set firewall group port-group ps_network port ‘9299’
set firewall group port-group ps_network port ‘9300’
set firewall group port-group ps_network port ‘9301’
set firewall group port-group ps_network port ‘9302’

set nat destination rule 12 destination group network-group ‘wan-ip’
set nat destination rule 12 destination group port-group ‘ps_network’
set nat destination rule 12 inbound-interface name ‘bond0.400’
set nat destination rule 12 protocol ‘tcp_udp’
set nat destination rule 12 translation address ‘172.10.20.15’

Rule Packets Bytes Interface

10 2902 162548 bond0.400
11 0 0 bond0.100
12 40 4640 bond0.400

ipv4 Firewall “name WAN-TO-LOC”

Rule Packets Bytes Action Source Destination Inbound-Interface Outbound-interface

10 0 0 drop any any any any
20 0 0 accept any any any any
30 10 4850 accept any any any any
60 0 0 accept any any any any

set firewall ipv4 name WAN-TO-LOC rule 60 action ‘accept’
set firewall ipv4 name WAN-TO-LOC rule 60 description ‘Allow PS Network’
set firewall ipv4 name WAN-TO-LOC rule 60 destination group port-group ‘ps_network’
set firewall ipv4 name WAN-TO-LOC rule 60 log
set firewall ipv4 name WAN-TO-LOC rule 60 protocol ‘tcp_udp’

set firewall ipv4 name LAN-TO-WAN default-action ‘drop’
set firewall ipv4 name LAN-TO-WAN default-log
set firewall ipv4 name LAN-TO-WAN rule 10 action ‘accept’
set firewall ipv4 name LAN-TO-WAN rule 10 destination address ‘0.0.0.0/0’
set firewall ipv4 name LAN-TO-WAN rule 10 log
set firewall ipv4 name LAN-TO-WAN rule 10 protocol ‘all’
set firewall ipv4 name LAN-TO-WAN rule 10 source address ‘172.10.20.0/24’

Thanks

Ethernaut · December 8, 2024, 11:02pm

Hi, I create rule LAN-TO-WAN and default-action accept and work ok

system · December 10, 2024, 11:03pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.