EFW Support
PLS Help: Destination NAT wouldn't work (SOLVED)
Topic: PLS Help: Destination NAT wouldn't work (SOLVED) (Read 16881 times)
mrt
« on: Monday 12 April 2010, 08:41:00 pm »
Hi all,
I'm planning to convert my GW/Firewall from Clarkconnect 5.1 (ClearOS) and install the community version 2.3, and I'm having some problems reaching my mail server (and greater confusion after reading several posts here about problems with port forwarding).
I have read the manual, tried to "read" this, and read several posts here, but some say that it must be a System access rule, others say no and it must be a Source NAT rule. According to the manual, the System access rule is only for the Endian itself, and some predefined rules are working there (efwsupport.com/index.php?topic=1065.0). I do not have any rules other than the ones in Destination NAT; all others are "Predefined" from the system.
I have one Exchange server running on VMware INSIDE my network and want to forward ports 80, 443, 25 and 21 to that server.
My network looks like this:
Red uplink = pppoe (public IP, e.g. 88.89.123.123)
Green network (eth0=10.0.0.2)
Exchangeserver = 10.0.0.16
My forwarding rules are:
Access from: Type Zone/VPN/Uplink - <ANY Uplink>
Target: Type Zone/VPN/Uplink - Zone GREEN - IP 10.0.0.2
Filter policy: Allow
Service/Port: HTTP - TCP - 80
Translate to: IP
DNAT Policy: NAT
Insert IP: 10.0.0.16
Port/Range: 80
And the same for ports 443, 25 and 21.
Is this the correct way of doing it, or what should I do? Is there any other "official" HowTo on this? So, could someone help me out with this?
PS: I have some screenshots if someone needs them by PM.
PS1: If someone HAS a working port forwarding rule to an internal Exchange server/web server, I would very much like to get any feedback on this.
PS2: As I can read on several forums on Endian, there are some problems with port forwarding. Could it be a BUG in Endian? Could anyone from the development team please answer me? There is some confusion out here also in the answers on what the correct answer is. :-)
#UPDATE - 1#
Just to see if I could reach my Endian from outside, I made a System Access rule for ping, and I can ping my IP, so it's alive.
I can't see any HTTP "hit" in the FW log for incoming. I see the Exchange server 10.0.0.16 "contact" some IP outside.
My Proxy is Off.
I'm running DynDNS but haven't enabled it yet, because I have to be sure the FW forwarding rule works OK before I tell my nameserver to point to DynDNS. So for this test I use my public IP to see if I get through to my Exchange server and OWA (Outlook Web Access). It should work with just the public IP; I have tested it with my ClearOS FW.
So, now I'm confused and "stuck".
Thanks a lot in advance... :-)
With regards from Norway
lribeyre
Re: PLS Help: Destination NAT wouldn't work
« Reply #1 on: Monday 12 April 2010, 11:40:02 pm »
Hi,
I don't have any trouble regarding port forwarding, but I have a question for you regarding port 443.
Are you able to access the Endian's Administration Page after forwarding port 443 to your Exchange? (I think there is an issue between port 443 and port 10443.)
For your issue, go to the "firewall tab" -> "port forwarding / NAT" -> "destination NAT" tab.
On the Target, try to select "zone green : ip ALL known". Your other settings seem to be fine.
Then, from outside your network, try a "telnet" command like: telnet my_public_ip 25
You should reach your Exchange and see the version of your current Exchange server.
System Engineer
Activlan - France
mrt
Re: PLS Help: Destination NAT wouldn't work
« Reply #2 on: Tuesday 13 April 2010, 07:38:51 pm »
Hi and thank you for the reply.
I changed it as you suggested and tried telnet on port 110: no response at all, no hit in the realtime firewall log.
But I tried something else, and that worked! But I didn't understand why.
I changed the Target to <Uplink main IP:all known ip> like this:
My forwarding rules are:
Access from: Type Zone/VPN/Uplink - <ANY Uplink>
Target: Type Zone/VPN/Uplink - <Uplink main IP:all known ip>
Everything else is the same.
When I then telnet to e.g. port 110, my Exchange server answered that POP3 is ready.
Why is this working?
lribeyre
Re: PLS Help: Destination NAT wouldn't work
« Reply #3 on: Tuesday 13 April 2010, 10:36:19 pm »
Hello,
Because your request is made to your Uplink Red interface; then you translate the address to your local IP address (in this case, your Exchange local IP).
I know that, logically, the "target" should be the destination address (the Green interface), but I use this logic:
Access from: Outside world
Target: To my Box (so the Red interface)
And my box translates the address to where I want ...
System Engineer
Activlan - France
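Why the uplink address has to be the Target, as an added example that is not part of the thread and not Endian's own code: a simplified Python model of destination-NAT matching, which assumes the rule is compared against the destination address the packet carries when it arrives, before any translation. The addresses come from the first post; the client address 203.0.113.7 and all class and function names are made up for the illustration.

```python
# Added illustration: a toy model of destination-NAT matching, not Endian's code.
from dataclasses import dataclass, replace
from ipaddress import ip_address

# Addresses from the thread; CLIENT_IP is a constructed outside client.
PUBLIC_IP = ip_address("88.89.123.123")   # RED uplink (pppoe)
GREEN_IP = ip_address("10.0.0.2")         # firewall's GREEN interface
EXCHANGE_IP = ip_address("10.0.0.16")     # internal Exchange server
CLIENT_IP = ip_address("203.0.113.7")     # constructed sample value

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    proto: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    target: object   # destination address the packet must carry on arrival
    proto: str
    dport: int
    to_ip: object    # "Translate to" address
    to_port: int

    def matches(self, pkt):
        return (pkt.dst == self.target and pkt.proto == self.proto
                and pkt.dport == self.dport)

def apply_dnat(rules, pkt):
    """First matching rule rewrites the destination; returns (packet, matched)."""
    for rule in rules:
        if rule.matches(pkt):
            return replace(pkt, dst=rule.to_ip, dport=rule.to_port), True
    return pkt, False

def forwarded_to(target, dport=80):
    """Where does an outside connection to the public IP end up for this Target?"""
    rule = DnatRule(target, "tcp", dport, EXCHANGE_IP, dport)
    pkt, matched = apply_dnat([rule], Packet(CLIENT_IP, PUBLIC_IP, "tcp", dport))
    return str(pkt.dst) if matched else None

if __name__ == "__main__":
    # Original rule: Target = GREEN 10.0.0.2 never matches traffic sent to the public IP.
    print("Target = GREEN 10.0.0.2 :", forwarded_to(GREEN_IP))
    # Working rule: Target = uplink address, so the packet is rewritten to the server.
    print("Target = uplink main IP :", forwarded_to(PUBLIC_IP))
```

With the Target set to the GREEN address the rule never fires, which is consistent with the empty firewall log reported in the first post.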
mrt
Re: PLS Help: Destination NAT wouldn't work
« Reply #4 on: Wednesday 14 April 2010, 09:34:43 pm »
Thank you for the "logic" explanation. :-)
I can now see why others also have problems understanding the way "they" were thinking.
I also found some links (bugfix) on the upcoming upgrade 2.3.1; there it says in black and white that it is difficult to use and understand Destination NAT (Port Forwarding).
Text: htt_://bugs.endian.it/view.php?id=2472
Screenshot: htt_://bugs.endian.it/file_download.php?file_id=354&type=bug
So, now my post is SOLVED. :-)
PS: perhaps we should contribute to make a HowTo with screenshots on different things to do for this Endian 2.3?
Regards, from Norway