EFW Support

Hi all,

I recieved from the ISP 2 ips assigned to the cablem modem,
Ip1: 190.x.x.x
Ip2: 186.x.x.x
netmask 255.255.255.240
default 190.x.x.x

I configured the red with the 190 and the extra in the more ips, then I configure the green with the 192.168.1.x, the blue with 192.168.2.x and the orange to 192.168.3.x

The problem is when I want to configure the Ip2 public to the orange servers, so I configured the DNAT and SNAT like in the tutorials but still can rich the orange subnet

I can not see packets reaching the orange network...
Can anyone give me a hand
Thanks
Daniel

Have you created rule for incoming routed traffic. Otherwise your firewall will drop all the packets coming on the red interface and if you do not have incoming routed traffic rule.

hi fqureshi, thanks for the reply

Yes I did try the incoming

source 186.x.x.x/24 destination ORANGE any allow

is this ok?

Then I have the SNAT
source 192.168.3.0/24 destination RED NAT to 186.x.x.x

and also I have port forwarding the incoming 186.x.x.x port 80 to 192.168.3.250:80 allow


Any idea? may be because the 186.x.x.x do not have a valid default gateway??

Your scenario is bit complex I think. You should first try if your live IPs are working (routed through ISP)

You might have to remove source NAT as you are already using port forwarding . In my case I am not using SNAT rules. I have just defined the incoming routed traffic rule which is

Source: ANY
Destination: MY LIVE IPs
SERVICE: ANY
POLICY:ALLOW

Similarly one more rule in the incoming routed traffic:

SOURCE:MY LIVE IPs
DESTINATION:RED
SERVICE:ANY
POLICY:ALLOW

According to rules you have created, below one is correct as you have asked:

source 186.x.x.x/24 destination ORANGE any allow

Looks like I got the problem,
the ISP provider, reserved 2 public ips to the RED mac of the endian, and they will be assigned with the dhcp request.
First question: Endian has the ability to retrieve more than 1 ip from DHCPREQUEST??

Starting from there :)

Cherrs,
Daniel