EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 01 December 2024, 02:16:42 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Bug tracker
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
Installation Support
2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: 2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco (Read 15918 times)
Timo
Jr. Member
Offline
Posts: 1
2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco
«
on:
Wednesday 23 December 2009, 02:53:00 am »
Hello Everyone,
we're trying to use efw as our new firewallsystem. Maybe the meaning of some items are quite different from what we think of...
efw 2.3 Enterprise demo
server with 4 Nics
- green -> 192.168.3.2
- orange -> 192.168.1.2
- red -> xx.yy.zz.2 (Public IP)
- (hot standby->2nd efw lifebeat)
(web-)server4
-nic1 -> 192.168.3.4 (green)
-nic2 -> 192.168.1.4 (orange)
(web-)server5
-nic1 -> 192.168.3.5 (green)
-nic2 -> 192.168.1.5 (orange)
and so on..
The Servers must be accessible from the web via public IPs (orange). the green net handles Administration, Backup, remote maintenance and so on.
we have a range of 30 public IPs.
Wishing to configure this like:
Public IP xx.yy.zz.4 -> efw -> orange: 192.168.1.4
In an optimal way i put a new server in DMZ with e.g. 192.168.1.10 and this webserver is automatically accessible from outside over the public ip xx.yy.zz.10 - and for all the webservers in the DMZ we have some few general filters (because the webservers are all identical).
My Problem ist to understand the meaning of Destination Nat, Source Nat and Incoming routed Traffic.
What i have tried:
(disable all SNAT and Incoming r Traffic rules)
Destination NAT:
Source: RED, Target: ORANGE, Allow, all/all, and then all of the possibilities of "translate to:"
map network: 192.168.1.0/27
and tried ip-> NAT, No Nat..
->>no connect from the web to one of the Servers at Orange possible.
Next try:
(disable all DNAT/Incoming r Traffic rules)
Source Nat
Source xx.yy.zz.0/27 (the range of our public IPs)
Target 192.168.1.0/27
Service/Port: all/TCP+UDP
NAT:
try1 - NAT->Auto
try2 - No Nat
try3 - Map Network to: 192.168.1.0/27
->>whatever, no connect from the web to one of the Servers at Orange possible.
another try:
(disable all SNAT and DNAT rules)
Incoming routed Traffic
Source: RED, Target ORANGE
Service/Port All/TCP+UDP
->>no connect from the web to one of the Servers at Orange possible.
All attempts were in vain and the problem is, i've got no idea how to get it up.
Maybe PEBKAC :-)
My approach or understanding of the efw maybe quite different from that of the efw-programmers.
If there is anybody with a similar situation some tipps are greatly appreciated!
TIA
Timo
Logged
bodie
Full Member
Offline
Posts: 10
Re: 2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco
«
Reply #1 on:
Monday 08 March 2010, 08:29:56 am »
I've setup all the public IP's on the servers in the orange and thusly redirected trafic. Made my life a lot easier.
this is what i done.
EFW orange setup with external IP
under firewall / Incoming routed traffic - create forwarding rule as follows
Source is - Uplink (red)
Destination - External IP address withing the orange
etc
hope this helps
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.07 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com