EFW Support

Support => General Support => Topic started by: Cieve on Monday 16 April 2012, 01:03:37 pm



Title: Port Forwarding Troubles
Post by: Cieve on Monday 16 April 2012, 01:03:37 pm
I took an old PC I had lying around and put EFC 2.5.1 on it. I am on a basic residential cable internet connection, and so far routing, DHCP, etc. are all working.

The problem that I'm having is that I also run a Debian-based web/voice communications/other server, and I simply cannot get port forwarding to work. Since I'm on a residential connection I use no-ip.com as my dynamic DNS source used to point to my web server. I'm short 1 NIC, so I don't have a DMZ setup, which means my web server is in my Green zone. Nothing I've tried so far has seemed to offer any evidence of what the problem may be. I have set up port forwarding, other firewall rules, and I even saw a thread where someone suggested making the web interface on the EFW box available over the internet.

On top of all of that, I have a pretty good basic understanding of a lot of this, but on the other hand that means I am probably making some mistakes. I can access the web server by punching in the internal IP, but I haven't been able to access it externally in any way, shape or form. I've read that having the web server in the Green zone can cause issues, and this is my first time using Endian. As such, I've taken that into account, and I tried to access the web server by using the no-ip URL, and my current ISP-given IP from a PC with a separate internet connection. No dice.

While I have tried all sorts of other configuration "options", I have focused on just using port forwarding in Simple Mode. I have configured port forwarding only for HTTP access on Port 80 currently, as I figured that once I got HTTP access I could set up forwarding for other services.

I have my MAIN Uplink selected for "Incoming IP."

Incoming Service/Port/Protocol - HTTP/80/TCP

This is translated to the internal IP address of my web server, and just in case anyone asks I can confirm that it is configured with a static IP on the internal network.

I know I'm doing something wrong, but I have not figured it out yet. If anyone has any clues it would be much appreciated!     :)


Title: Re: Port Forwarding Troubles
Post by: fqureshi on Monday 16 April 2012, 01:11:05 pm
Have you created a rule under "incoming routed traffic"? This might be blocking it.
Also if you have any specific IPs from your service provider hosted at your end then you also have to create policy routing under network menu and then routing.

Most probably the early part will solve your problem.


Title: Re: Port Forwarding Troubles
Post by: Cieve on Monday 16 April 2012, 01:18:33 pm
Hah, wow... I had a rule set up, but looks like maybe I made a mistake. I created a new one, and I can access port 80 from my cell phone which is on the carrier network. However, I am still unable to access it internally. I've read that there are some issues with achieving this when the web server is in the Green zone, but I've also read some solutions. I just never quite made it this far.

I'm going to try those now and see where I get. I feel a little ridiculous knowing that it was a simple mistake that prevented all access, but such is life. I appreciate your help there. Not sure I would have known to check that again otherwise.


Title: Re: Port Forwarding Troubles
Post by: fqureshi on Monday 16 April 2012, 01:27:17 pm
I am running multiple webservers behind Endian Firewall, i.e. on the green network (as per your terminology), on different ports. In most cases I am using a simple port forwarding rule under firewall. However, for webservers on external IPs, I have to create a policy-based routing and incoming routed traffic rule to make it work.

Let me know how it goes.


Title: Re: Port Forwarding Troubles
Post by: Cieve on Monday 16 April 2012, 02:30:52 pm
Well I still haven't figured out how to access my services internally using the URL as opposed to typing the internal IP. If I use my phone carrier's network I can type in (for example) server.sytes.net and access my web server as intended; however, if I type server.sytes.net from my PC I cannot access the page.

That isn't a huge deal. It is mostly for convenience. There is no reason I can't just use the internal IP for now until/unless I find a solution.

Instead I set up my access point, and at 30 minutes past midnight I remember I have stuff to do for work before tomorrow morning. Never ends!   :)

Thanks for all your help. This has been a pretty good learning experience so far.


Title: Re: Port Forwarding Troubles
Post by: fqureshi on Monday 16 April 2012, 07:17:32 pm
It seems the issue is with DNS lookup internally. Do an nslookup and see if it is resolving or not. Have you defined DNS under your network settings in your own system?


Title: Re: Port Forwarding Troubles
Post by: Cieve on Tuesday 17 April 2012, 04:44:24 am
Oh yeah, right now I'm using Google's public DNS servers until I can figure out why EFW isn't passing the DNS config handed down from my ISP. I have full internet capabilities on my network though. It's just my web server I can't access. Here's the thing too; I can't access it whether I type in my external IP or the domain name linked to the server through NO-IP services.

I can access all services hosted on my server just fine internally using the internal IP address. It would just be nice not to do that just due to convenience issues. It really isn't a huge deal, but I would think it would be something that could be cleared up. I also wouldn't think that I'd have to run any kind of internal DNS, but I don't know so much about that.

I should be able to figure it out given time though. I have an entry level position in IT, so I work with things like this from time to time. The caveat is I have resources available to me on the job that I don't have when sitting at my PC at 2 in the morning! :)

Either way, I've thoroughly enjoyed setting up EFW just due to what I've learned. Thanks again for all of your help.
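
An added example, not part of the thread: a small Python check, run from a PC on the Green network, that separates the DNS explanation suggested above from the case where the name resolves correctly but the firewall does not send LAN traffic aimed at its public address back to the forwarded server. The function names and the addresses `192.168.0.10` and `203.0.113.7` are assumptions made up for illustration; `server.sytes.net` is the example name used in the thread.

```python
import socket

def resolve(name):
    """Return the sorted IPv4 addresses a name resolves to, or [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(name, internal_ip, port=80, resolver=resolve, probe=tcp_open):
    """Classify why a LAN client cannot reach a forwarded service by name."""
    # 1. Rule out the server itself: it must answer on its internal address.
    if not probe(internal_ip, port):
        return "server-down: service not reachable even on its internal IP"
    # 2. The nslookup step: does the name resolve at all from this client?
    addrs = resolver(name)
    if not addrs:
        return "dns: name does not resolve from this client"
    # 3. An internal DNS override would hand back the internal address directly.
    if internal_ip in addrs:
        return "ok: name resolves to the internal IP"
    # 4. Name resolves to the public address; try it from inside the LAN.
    if any(probe(addr, port) for addr in addrs):
        return "ok: firewall loops LAN traffic back to the forwarded port"
    return "nat-reflection: DNS is fine, firewall does not loop LAN traffic back"

if __name__ == "__main__":
    # Constructed values so the demo runs offline; drop the two stubs to
    # probe a real network with the live resolver and TCP connect.
    internal, public = "192.168.0.10", "203.0.113.7"
    fake_dns = lambda name: [public]
    fake_probe = lambda host, port: host == internal
    print(diagnose("server.sytes.net", internal, 80, fake_dns, fake_probe))
```

A `nat-reflection` verdict matches the symptoms in the last post: the internal IP works, while both the external IP and the no-ip name fail from inside.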