EFW Support

Support => General Support => Topic started by: carlkb on Monday 07 June 2010, 06:12:15 am



Title: NAT in 2.3
Post by: carlkb on Monday 07 June 2010, 06:12:15 am
I am switching from Guide Dog/Guard Dog to efw so I can use a vpn, intrusion detection, virus scanning (on the firewall), etc.

I am using 2.3 because the iso for 2.4 would not install on my computers (dedicated Dell T105 and T110.)

I have set up a simple network to test the firewalls:

Red   -   174.141.46.204

Green -  192.168.0.49

Orange - 10.10.10.49

There are two servers on the orange network and one workstation on the green network.  I can access efw from the workstation on the green network.  I have tried to get two (simple) things to work:

1.  Forward red zone traffic on port 8080 to a Tomcat server in the orange zone:

                        Access from:     Zone/VPN/Uplink   ...  <ANY uplink>
                        Target:             Zone/VPN/Uplink   ...  <ANY Uplink>
                        Filter policy:      Allow
                        Service/Port:    Service: <ANY>      Protocol:  TCP    Target port:  8080
                        Translate to:    Type:  IP        DNAT Policy:   NAT
                        Insert IP:         10.10.10.40      Port:  8080

             Both 'Enabled' and 'Log' are checked.

2.  Allow traffic between zones (Inter-zone traffic...  green to orange):

                         Source:           Zone/Interface         Interface:  GREEN
                         Destination:    Zone/Interface         Interface:  ORANGE
                         Service/Port:   Service:   <ANY>      Protocol:  <ANY>
                         Policy:              Action:  ALLOW

              Both 'Enabled' and 'Log' are checked.

From the firewall computer, I can ping computers/servers on every network.  I can ping 'google'.

I see nothing in any of the logs (only traffic between the firewall computer and my workstation.)

I cannot ping the external IP or any IPs outside the subnet (e.g., on 10.10.10.40, I can ping 10.10.10.15 but not 192.168.0.106).

I have read (and tried) everything I can find in this forum and by googling but have been unable to get it to work.

Anyone have any ideas?

TIA,

Carl





Title: Re: NAT in 2.3
Post by: carlkb on Wednesday 09 June 2010, 10:06:40 am
Anyone have any ideas? 

I really can't figure it out and I am running very short on time.

Thanks,

Carl