Author Topic: NAT Problems-Traffic not crossing zones.  (Read 14315 times)
rosiakc
« on: Saturday 11 February 2012, 08:55:17 am »

.
davvidde
« Reply #1 on: Sunday 12 February 2012, 12:42:22 pm »

I think you have made some mistakes in your firewall project:

The red interface should not be pinged from the internal LAN, only the green and all interfaces on the Internet that have been enabled. This is done by the default firewall configuration. You should notice the following line in Firewall->outgoing firewall (if it is not present, then add it):

Source: GREEN, ORANGE, BLUE
Destination: RED
Service: ICMP/8, ICMP/30

ALLOW with IPS    allow PING

Also, if you go to a computer that is outside your firewall (RED), you should NOT ping any of your internal PCs, otherwise you do not need a firewall but a simple router.

Also the source NAT rule to allow GREEN traffic to go to RED should be generated by default; check Firewall->Port forwarding->Source NAT->show_system_rules

You should only need a port forwarding rule to route incoming traffic on RED to your internal IP server (ensure you use private IP addresses for your internal LAN).

Next, if you have made the following two steps, you should not use a firewall because it is useless:
Made an incoming routed traffic rule to forward all incoming traffic on RED to be passed to the Server on Green LAN.
Disabled the IPS and outgoing traffic firewall, made a system access rule to allow all traffic from red to go to green, and made policy routing rules to allow all traffic.


Davide.
rosiakc
« Reply #2 on: Monday 13 February 2012, 01:48:03 am »

.
kashifmax
« Reply #3 on: Tuesday 03 April 2012, 07:14:39 pm »

Same issue with me too. I am using EFW v2.5

Interfaces are
Green 192.168.0.1
Red 192.168.
kashifmax
« Reply #4 on: Thursday 05 April 2012, 08:11:51 pm »

Dear Davvidee,

Same issue with me too. I am using EFW v2.5

Interfaces are
Green 192.168.0.1
Blue 172.

kashifmax
« Reply #5 on: Saturday 07 April 2012, 11:15:37 pm »

Hmmm  :-)