EFW Support

Hi,

I have this setup

red:
123.123.123.1/24
123.123.123.2/24
123.123.123.3/24
123.123.123.4/24
123.123.123.5/24

Green:
192.168.1.1

Servers on green:
192.168.1.11 < webserver 1
192.168.1.12 < webserver 2
192.168.1.13 < mailserver 1
192.168.1.14 < mailserver 2
192.168.1.15 < ssh host

Target solution
123.123.123.1:80 > 192.168.1.11:80
123.123.123.1:443 > 192.168.1.11:443
123.123.123.2:80 > 192.168.1.12:80
123.123.123.2:443 > 192.168.1.23:443
123.123.123.3:25 > 192.168.1.13:25
123.123.123.4:25 > 192.168.1.14:25
123.123.123.5:22 > 192.168.1.15:22

If the mailservers communicate with the outside world, they need to have their own ip as source:
mailserver 1: 123.123.123.3
mailserver 2: 123.123.123.4

Now for the big question:

How to configure this in EFW2.3?

I've tried this:
Destination NAT >
Add a new destination NAT rule >
Access from: < ANY >
Target: Type: Zone/VPN/Uplink: Uplink Main (Main Uplink) - IP: 123.123.123.1
Filter policy: ALLOW with IPS (ids is off so shouldn't interfere)
Service: HTTP, Protocol TCP, Port 80
Translate to: IP, Policy NAT
Insert IP: 192.168.1.1 Port/Range: 80
Enabled + Log, Remark: HTTP from 123.1 to 1.1
Create rule
Apply

Testing:
opening http:123.123.123.1
timeout

log: PORTFWACCESS:ALLOW:1 eth1 KEY_TCP 123.123.123.11:52655   ff:ff:08:00:0c:00 192.168.1.1: 80

But no website.....

so what am I doing wrong?

Based on your target solution section above you shouldn't translate to IP 192.168.1.1 as that points to the IP for the GREEN zone interface. The rule should point to 192.168.1.11. It may be just a typo but I saw you wrote it multiple times so I figured I point it out.

It makes sense that the request times out because the GREEN interface is not listening on port 80.

Hope that helps.  :)

Do you add multiple ip red on interface menu?

Try:
Target: Type: Network/IP/Range - 123.123.123.1