12-03-2025 10:39 AM
Hi all, we are trying to allow external access inbound to a SQL server on port 1433. Can't seem to get this to work, and I think it's clearly my understanding, but the NAT rule is as follows:
Outside -> Inside
Original Packet:
Source <Public IP> port 1433
Destination <SQL Server Internal IP> port 1433
Translated Packet:
Source <Public IP> port 1433
Destination <SQL Server Internal IP> port 1433
I then have an ACL to allow traffic through. This is not working. Examples of inbound seem limited, but the ones I am reading say to NAT the inside to the public IP first so it works in the other direction also (bi-directional). Then control the flow with the ACL?
Any help or advice on theory would be great, thank you.
12-03-2025 10:47 AM
@Ash Roberts the source and destination port of the original/translated packet won't both be tcp/1433. Have a look at the example at the "inbound access" section of this post. If you still have a problem, please run packet-tracer from the CLI and provide the output.
12-03-2025 10:57 AM
@Rob Ingram Thank you, finally a decent example!
If I want to lock this down from a specific public IP, do I do this part in the ACL and leave the NAT rule as per the example?
Thanks
12-03-2025 11:00 AM
@Ash Roberts yes, I would restrict the source in the Access Control (ACL) rule.