Unable to get firewall to stop blocking specifc ports

JLHSolutions
Here to help

Unable to get firewall to stop blocking specifc ports

I have the Meraki MX67 Security appliance and I configured a port forwarding rule to allow a specific port to go to a specific client IP address. But I am unable to access this client remotely. When I am using the internal LAN IP and port number, it works. But when I try my WAN IP and Port number, it just spins and finally times out. I don't know what the issue is. This is my first go with Meraki products and I thought it would be easier and more secure than off the store items, but apparently its not. I tried setting up a Layer 3 rule, but that didn't work either. Then I tried a 1:1 NAT rule, but that didn't solve it either. I have been reading thru all the different pages that come up when I google this. 

Hopefully someone here can tell me what I need to do to get this port open so I can access my device remotely.

Thanks!

5 Replies 5
Brash
Kind of a big deal
Kind of a big deal

What is your WAN IP address? Does it look like 100.x.x.x?
If so, you might be behind CG-NAT

 

JLHSolutions
Here to help

Yes my WAN IP looks like that. What is CG-NAT?

Brash
Kind of a big deal
Kind of a big deal

CG-NAT (Carrier Grade NAT) is when instead of giving you a true Public IP address, the ISP has given you an 'private IP'.
It allows the ISP to NAT multiple customer's onto a single Public IP address.

One of the limitations of this is that end customer's cannot perform port-forwarding, as they do not have a dedicated Public IP address for their service.

You will need to contact the ISP to request a static public IP be assigned directly to you. (This may require additional costs and will require an outage of some length during the transition).


A longer but better explanation of CG-NAT can be found at the following link
What is Carrier Grade NAT (draytek.co.uk)

BlakeRichardson
Kind of a big deal
Kind of a big deal

If the device you are connection to is a Windows device have you set a remote device scope in your Windows firewall?

 

Screenshot 2024-04-18 at 2.24.58 PM.png

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
JLHSolutions
Here to help

It is a Zimaboard that runs CasaOS. I am trying to set up a little automation server that I can access remotely. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels