Author Topic: 2.3 - Port forwarding how??  (Read 95123 times)
Vinbob
« Reply #15 on: Thursday 14 January 2010, 01:38:38 pm »

Johnny,

I don't know what to say other than I created the rules exactly as you say and it doesn't work. If I enable the source NAT, then it does. It doesn't make sense as what you suggested should work. I am at a loss... Another thing to remember from my earlier post, is that even if I turn off the firewall for outbound traffic which basically means everything is open, I still cannot get to the site from internal. So something else must not be configured right if you say it works on your end.

Cheers,
Vincenzo.

Johnny Chin
« Reply #16 on: Thursday 14 January 2010, 06:26:20 pm »

Em... The only thing that can help is to go through your settings first. In my case, I just set up my EFW and directly did the settings as in the picture, and it works.

Anyhow, if it works for you with the source NAT, then that is great.

dukeluke
« Reply #17 on: Sunday 17 January 2010, 01:31:49 pm »

Hi all!

I was trying to do a port forwarding, but I can't get it working...
I did it like in the pictures, and in the logs I see that the packets are accepted, but they don't come to the target IP address.

What I want to do exactly is forward all OpenVPN traffic on UDP port 1194 to the internal address 192.168.1.1:1194, but I don't get a connection.

What am I doing wrong?

Please help!

luki

Johnny Chin
« Reply #18 on: Tuesday 26 January 2010, 12:32:29 pm »

Hi dukeluke,

You don't need to do any port forwarding to 192.168.1.1:1194 if this is your EFW address. What you need to do is open the outgoing firewall for 1194 GREEN to RED and, in the VPN traffic, add ANY to ANY service ANY.

raneesh
« Reply #19 on: Saturday 17 April 2010, 08:22:14 pm »

Can anyone tell me how to do the RDC port forwarding with 2.3?
Thanks in advance
raneesh

Steve
« Reply #20 on: Saturday 17 April 2010, 10:37:34 pm »

Easy, just follow the instructions:
http://docs.endian.com/firewall.html#port-forwarding-nat

w00z
« Reply #21 on: Monday 26 April 2010, 12:36:43 am »

I have the same problem.

I had to connect via RDP from my home to an internal server (192.168.60.1).

I tried to follow the instructions published on the first page, but it does not want to work.

From the router (192.168.50.254) I redirected all the incoming traffic (1:65534) to the red interface IP (192.168.50.1); after that I added a rule in the DNAT section using the same instructions as the screenshots on the first page of this post.

Can somebody help me, please?

detailsit
« Reply #22 on: Saturday 19 June 2010, 04:25:39 pm »

Hello,

I'm working with EFW 2.4. I've got port forwarding working using "Incoming IP - Type *" set to "Zone/VPN/Uplink" and "<ANY Uplink>" selected in the Destination NAT rule. What I'd like to do is restrict access to the port forward rule to a specific external IP address. If I select "Type * Network/IP/Range" and enter the verified external IP address in the "Insert network/IPs (one per line)" field, it fails to function.

Any suggestions/direction would be appreciated.

Thanks,
DetailsIT

yeganeh
« Reply #23 on: Saturday 07 August 2010, 09:39:52 pm »

I’m using Endian 2.3 and trying to forward 192.168.70.0/24 port 4100 traffic to the internal server which is located on the green network with IP 192.168.40.40 port 7100. To configure this scenario I followed these steps:

1- Port Forwarding/NAT > Destination NAT
    1-1 Access From: Network IP/Range: 192.168.70.0/24
    1-2 Target: Zone/VPN/Uplink: ANY Uplink
    1-3 Filter Policy: ALLOW
    1-4 Service: ANY, Protocol: TCP, Target: 4100
    1-5 Translate to: IP, DNAT Policy: NAT
    1-6 Insert IP: 192.168.40.40, port: 7100

2- Outgoing Traffic
    2-1 Source: Network/IP, IP: 192.168.40.40
    2-2 Destination: Network/IP, IP: 192.168.70.0/24
    2-3 Service: ANY, Protocol: TCP, Destination Port: 4100
    2-4 Policy: ALLOW

3- System Access
    3-1 Source address: 192.168.70.0/24
    3-2 Source Interface: RED
    3-3 Service: ANY, Protocol: TCP, Destination Port: 7100
    3-4 Policy: ALLOW

Unfortunately, the DNAT rule is not working as planned.
I monitored the connections in the status section of the Endian system and I can see that the DNAT properly directs the packets. I also monitored my server (IP 192.168.40.40) with TCPDUMP and found that the server receives packets, but unfortunately the connection is not being built, because the initial SYN packets from my client to my server are being translated by Endian Firewall into ACK packets, which is preventing the initial 3-way handshake from being established.

TCPDUMP of 192.168.40.40

IP 192.168.70.92.50924 > 192.168.40.40.7100: S 1705309870:1705309870(0) win 5840 <mss 1460,sackOK,timestamp 1791227116[|tcp]>
        0x0000:  4500 003c 1f9b 4000 3f06 f7d5 c0a8 7723  E..<..@.?.....w#
        0x0010:  c0a8 2bd7 c6ec 0016 65a4 f6ae 0000 0000  ..+.....e.......
        0x0020:  a002 16d0 89de 0000 0204 05b4 0402 080a  ................
        0x0030:  6ac3 f4ec 0000                           j.....

Am I missing something simple here? What should I do to solve this problem??

Yeganeh
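
Added example, not part of the original post: a small Python decoder that reads the IPv4 and TCP header fields, including the flag bits, straight from the hex bytes of the dump above. The function names are chosen here for illustration.

```python
import re
import socket
import struct

# Hex dump lines copied from the capture in the post above.
DUMP = """\
0x0000:  4500 003c 1f9b 4000 3f06 f7d5 c0a8 7723  E..<..@.?.....w#
0x0010:  c0a8 2bd7 c6ec 0016 65a4 f6ae 0000 0000  ..+.....e.......
0x0020:  a002 16d0 89de 0000 0204 05b4 0402 080a  ................
0x0030:  6ac3 f4ec 0000                           j.....
"""

FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def dump_to_bytes(text):
    """Turn 'offset:  hex words  ascii' lines into the raw packet bytes."""
    raw = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        body = line.split(":", 1)[1].strip()
        hex_part = re.split(r"\s{2,}", body)[0]   # drop the ASCII column
        raw += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(raw)

def decode_ipv4_tcp(pkt):
    """Decode the fixed IPv4 and TCP header fields of one captured packet."""
    (ver_ihl, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                    # IP header length in bytes
    sport, dport, seq, ack, off_flags, window = struct.unpack(
        "!HHIIHH", pkt[ihl:ihl + 16])
    return {
        "src": socket.inet_ntoa(src), "sport": sport,
        "dst": socket.inet_ntoa(dst), "dport": dport,
        "seq": seq, "ack": ack, "window": window, "ttl": ttl,
        "flags": [name for bit, name in FLAG_BITS if off_flags & bit],
        "truncated": len(pkt) < total_len,        # capture shorter than packet
    }

if __name__ == "__main__":
    print(decode_ipv4_tcp(dump_to_bytes(DUMP)))
```

For these bytes the flag field decodes to SYN only, with sequence number 1705309870 and window 5840 as in the summary line. The addresses and destination port in the raw bytes decode to 192.168.119.35, 192.168.43.215 and 22, which differ from the summary line.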
jeliasson
« Reply #24 on: Friday 06 May 2011, 08:08:25 pm »

Hi everyone!

I want to explain how I got port forwarding working, finally!
As many have pointed out, "System Access" is only for traffic to EFW - nothing else.

The problem is that DNAT isn't enough, because you also need to create an SNAT rule so a 3-way handshake can be established.
If you see the previous posts, especially from ddPAC, you will get the DNAT rule running.
Here comes my SNAT rule (which applies to all DNAT rules):

Source type: Network/IP
Internet network/IPs: 0.0.0.0/0
Destination Type: Zone/VPN/Uplink
Selected interfaces: GREEN
Service: <ANY>
Protocol: <ANY>
NAT: NAT ... to source address Auto
Enabled: Ticked (of course)

Hope this helps!

Logged
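
Added example, not part of the thread or of Endian's code: a Python model of the DNAT plus SNAT combination described in the post above, showing when the client accepts the SYN-ACK and which source address the server sees. It assumes DNAT alone fails because the server's replies do not return through the firewall (the thread does not state the cause); the addresses, the 4100 to 7100 port mapping and all names are constructed sample values.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")

# Constructed sample topology; all four addresses are assumptions for illustration.
CLIENT, SERVER = "192.168.70.92", "192.168.40.40"
FW_RED, FW_GREEN = "192.168.50.1", "192.168.40.1"

class Firewall:
    """Minimal model of DNAT, optional SNAT and connection tracking."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}   # tuple expected on the reply -> original packet

    def forward(self, p):
        """Client-to-server direction: apply DNAT, then SNAT if enabled."""
        out = p._replace(dst=SERVER, dport=7100)
        if self.snat:
            out = out._replace(src=FW_GREEN)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = p
        return out

    def reverse(self, r):
        """Server-to-client direction: undo the translations of a tracked reply."""
        orig = self.conntrack.get((r.src, r.sport, r.dst, r.dport))
        if orig is None:
            return None
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport, r.flags)

def handshake(snat, reply_via_firewall):
    """Return (client_accepts_synack, source_address_seen_by_server)."""
    fw = Firewall(snat)
    syn = Pkt(CLIENT, 50924, FW_RED, 4100, "S")
    at_server = fw.forward(syn)
    synack = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport, "SA")
    # A reply addressed to the firewall itself always returns through it;
    # otherwise it depends on the server's route back to the client (assumption).
    if synack.dst == FW_GREEN or reply_via_firewall:
        synack = fw.reverse(synack)
    # The client only accepts a SYN-ACK from the address and port it connected to.
    ok = synack is not None and (synack.src, synack.sport) == (syn.dst, syn.dport)
    return ok, at_server.src

if __name__ == "__main__":
    for snat, via_fw in [(False, True), (False, False), (True, False)]:
        print(f"snat={snat} reply_via_firewall={via_fw} ->", handshake(snat, via_fw))
```

With SNAT enabled the handshake completes on any return route, but the server sees the firewall's GREEN address as the source of every forwarded connection. Server-side logs and IP-based access rules therefore no longer see the real client address.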
daehnomel
« Reply #25 on: Wednesday 21 December 2011, 09:37:48 am »

I'd like to confirm my suspicions. If I'd like to configure a web or FTP server, I'd have to configure a DNAT rule, an SNAT rule and an outgoing firewall exception? Is that correct? Three screens to get a simple webserver up? Someone please correct me if I'm wrong, because if not I'll be looking for another router distro that's not designed by sadists.

On another note, I read the Endian manual port forwarding section, and I still don't understand what the Source and Target options are; they seem a bit redundant and the descriptions are awful.