Title: Need help for port forwarding
Post by: ulim on Monday 23 November 2009, 08:56:07 pm

Hello,
although I have some experience with diverse firewalls, I am a newbie to the Endian firewall. I am trying to set up a 2.3.0 Endian as a firewall for a webserver, but I cannot get it running. I have set up the following test environment:

Green: Webserver 192.168.100.40 / 16
Red (for testing): 1.110.110.1 / 24
My test PC: 1.110.110.2 /24

When allowing system access from the RED, I can connect to the Endian from the test PC to 1.110.110.1:10443. So, I assume my 1.110.110.1/24 subnet is working. The webserver PC can also connect to the Endian.

I tried the following:

Firewall -> Dest.Nat:
Access from: Uplink main (RED)
Target: Uplink main (RED)
Filter: Allow
Service: http (TCP/80)
DNAT Policy: NAT
Translate to: 192.168.100.40, Port 80

When looking in the firewall log, it says:

Firewall 2009-11-23 10:37:15 PORTFWACCESS:ACCEPT:1 TCP (eth1) 1.110.110.2:50348 -> 192.168.100.40:80 (br0)

However, the test PC cannot establish a connection:

Verbindungsaufbau 1.110.110.1 .. Es konnte keine Verbindung mit dem Hoste hergestellt werden..

Question: Why does the port forwarding not work?
- do I need an additional route (e.g. static?) to 192.168.100.40?
- do I need some rules for allowing the connection request to be answered?

BTW, the Endian doesn't answer a ping on the RED. I suspect this is on purpose for security reasons, but I would like to see the ping. How can I enable it?

Thanks very much,
Uli

Title: Re: Need help for port forwarding
Post by: glynd on Wednesday 25 November 2009, 05:01:41 pm

Hello Ulim,
I have the same problem after setting up in the same manner. Did you get any resolution to this?

One thing I have found is that if I enable the proxy (I'm using it for SMTP) then mail is delivered correctly, but a telnet on port 25 to the red interface from outside replies with the EFW SMTP server.

I too have worked with other firewalls and some of them seem to be configured backwards. What I mean is that the destination interface is actually the public (or Red in EFW parlance) rather than the Red being the source. I haven't tried this but maybe we have it backwards in our minds...

Let me know if you come right.

Title: Re: Need help for port forwarding
Post by: glynd on Wednesday 25 November 2009, 05:55:18 pm

The answer to how it works is in the thread http://efwsupport.com/index.php?topic=1064.0

I have tried it and it works, although I am not really following the rationale behind it.