EFW Support

Support => General Support => Topic started by: xlancealotx on Friday 24 June 2011, 12:28:02 am



Title: Basic IP forwarding for website
Post by: xlancealotx on Friday 24 June 2011, 12:28:02 am

I have a webserver running on a private 10.10.5.144:80 standard port and works internal.  I have a router in parallel doing port forwarding and it works as expected.  On the endian, under Firewall->Port Forwarding / Destination NAT I have one rule.

Uncoming IP: Uplink ANY
Service: TCP/88
Translate to: 10.10.5.144 : 80

Now when I hit the red zone IP on the endian on port 88 I do see the connection on the firewall log with the following;
2011-06-23 10:09:18   PORTFWACCESS:ALLOW:1 TCP (eth3) 1.2.3.4:45991 -> 10.10.5.144:80 (br0)

I get numerous attempts in the logs but nothing in browser nor anything in the apache logs.  I can hit website from the other router/port forwarding as well as hit it from the internal 10.x address so is there another 'system' rule or something I am missing.  I had an issue on install just getting to ping the external which I found out through trial and error was under the 'system access' section.

Thanks


Title: Re: Basic IP forwarding for website
Post by: susantadutta84 on Friday 24 June 2011, 03:36:46 pm
Please check the screenshot for proper configuration in port port forwarding.


Title: Re: Basic IP forwarding for website
Post by: xlancealotx on Friday 24 June 2011, 11:21:35 pm
Thanks for the reply, but the only difference is your 'user defined' service I have 'ANY' which is fine.  Plus the fact that the firewall log I included shows the connect, translation led me past this part of the config since it's already doing the translation to port 80 as seen in the log but since apache doesn't shows the connect I think it's still somewhere in Endian config.

The same problem I had with just enabling ICMP, I couldn't just make an inbound rule, I had to goto system access so thought maybe there was something else with the port forwarding.

Thanks again ....


Title: Re: Basic IP forwarding for website
Post by: speccompsol on Saturday 25 June 2011, 09:36:40 pm
Outgoing Firewall Rule needed to allow the outbound traffic on Port 88.   While you are using the stadanrd Port 80 for traffic on the internal server and there is a default rule in the outgoing firewall to allow web traffic to the internet, your connection to and from the internet you specify is not on the standard web port from the internet.

Outgoing Firewall Rule
Source: Internal Server IP:80
Destination: Any:88



Title: Re: Basic IP forwarding for website
Post by: susantadutta84 on Tuesday 28 June 2011, 02:48:58 pm
configure outgoing firewall rule:
            Source               Destination     Service        Policy      Actions
           10.10.5.144         RED       <ANY>        ALLOW with IPS