EFW Support

Support => General Support => Topic started by: nicolethomson on Wednesday 09 November 2011, 12:53:50 am



Title: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Wednesday 09 November 2011, 12:53:50 am
Hi
Good day everybody,
Forgive me for being so dumb,
I am trying to make my Apache web server accessible to outside people. Today my ISP gave me a public IP,

Internet ->122.xx..12:80->192.168.1.2:80

At present I have only the Green zone enabled; I didn't use the other zones. My machine is in the Green zone, with a static LAN IP.

How can this be done? Since I don't know the terminology to be used, I am not able to search through the forum.
Please help.

Nic


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Wednesday 09 November 2011, 03:53:44 pm
Oh my god, is it so tough? Haven't even got a single response guide?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Wednesday 09 November 2011, 07:39:04 pm
Is this the one I need?

www . efwsupport . com/index.php?topic=1422.0

Can someone out there help me, please?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: mrkroket on Thursday 10 November 2011, 02:21:27 am
Because this is a basic routing question.
If you don't know how to make a port forward, I can't recommend that you run a public web server.

Anyway, just use your public IP as the RED interface and check that you can surf the internet.
Then create a rule on Firewall->Port Forwarding to allow TCP ports 80 and 443 and forward them to your internal GREEN IP.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Friday 11 November 2011, 03:14:17 pm
Thanks mrkroket,

I am trying to add another RED interface but am not getting it; I spent yesterday searching. System->Network configuration->Ethernet Interface-> shows only orange and blue; red is not available.

In the RED interface I have already added one public IP, but the ISP provided me 8 more IPs, so I thought of using one of them other than my outgoing public IP (btw, I am already using an Apache 2.2x web server in the Amazon cloud, which hosts my photos/).

Now, instead of paying Amazon, I thought I would use the resources I have.

If that is not wrong, please help me.

Nicole
We will always be learning in our life.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: mrkroket on Saturday 12 November 2011, 03:17:18 am
Uplinks are defined on Network->Interfaces. But there is no need; you can add additional IPs to your same RED interface.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Tuesday 15 November 2011, 03:43:22 am
Thanks mrkroket.

Accept my apologies for not responding for the last two days.

I have added the additional IPs to the same RED now,

and did port forwarding: 122.xx..12, Incoming service port 80 -> Translate to 192.168.xx.12, port/range 80, NAT, clicked on Enabled.

Position: after rule number 1.


Is this right?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: mrkroket on Tuesday 15 November 2011, 03:54:58 am
That's correct. You can also use <ANY Uplink> instead of your public IP; it's easier if for any reason you change your public IP or have more than one.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Tuesday 15 November 2011, 06:25:52 am
Still not able to access?

Actually, for 121...20 the subnet is 255.255.255.252

and the public IP I am trying is 122...12 /255.255.255.248

Is that the reason it is not allowing access?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Wednesday 16 November 2011, 05:51:12 pm
Okay, had some success with a compromise.

Yes, I moved the port forwarding rule to the top, but now OpenVPN seems to be getting affected:

Uplink ANY  <ANY>  ALLOW with IPS     192.x.x.13
     ALLOW with IPS from:  <ANY>

Uplink ANY  <ANY>  ALLOW with IPS     192.x.x.2   vpn

Can you please help me?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: mrkroket on Thursday 17 November 2011, 02:04:51 am
You don't need to create any OpenVPN rule; they are auto-created.
On the port forward rule you must define the ports you want to relay: TCP 80 for HTTP and TCP 443 for HTTPS.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Thursday 17 November 2011, 03:21:21 pm
Thanks for spending your time.

Initially I tried with 80; when I was having difficulty, I tried it with "any any".

Yes, OpenVPN generated its own rule, but the issue I am finding here is which will be first: if the web service is first, then I can access the web server but the VPN is not working; if the VPN is first then it works fine, but the web service is having difficulty.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Friday 18 November 2011, 04:25:13 pm
I am still prioritizing the rule manually. Is there any way we can do this?


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: mrkroket on Saturday 19 November 2011, 04:07:44 am
You must be doing something wrong. Port forwarding works OK when you define ports.
I can't recommend tweaking anything to get the ANY ANY rule to work. Maybe tweaking the config templates, but it's better to just create the correct rule.

I attached the incoming rule I have for HTTP. It works for me.
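
The rule-ordering problem discussed in this thread, as an added example that is not part of the original posts and is not Endian Firewall code: a simplified first-match model of an ordered port-forward table, showing how an "any any" forward placed first shadows the VPN rule while port-specific rules do not depend on order. Rule names, fields, addresses and the use of OpenVPN's default UDP port 1194 are assumptions made for illustration.

```python
# Added example: first-match evaluation of an ordered port-forward table.
# Rule names, fields and addresses are constructed; this is not EFW's format.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    proto: Optional[str]   # "tcp", "udp", or None for ANY
    port: Optional[int]    # destination port, or None for ANY
    target: str            # where matching traffic is sent

def matches(rule, proto, port):
    """True if a packet with this protocol and destination port hits the rule."""
    return ((rule.proto is None or rule.proto == proto) and
            (rule.port is None or rule.port == port))

def first_match(rules, proto, port):
    """Name of the first rule matching the packet, or None if nothing matches."""
    for rule in rules:
        if matches(rule, proto, port):
            return rule.name
    return None

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return ((a.proto is None or a.proto == b.proto) and
            (a.port is None or a.port == b.port))

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

VPN = Rule("openvpn", "udp", 1194, "firewall")        # assumed default port
ANY_ANY = Rule("web-any", None, None, "192.168.1.2")  # the "any any" forward
HTTP = Rule("web-http", "tcp", 80, "192.168.1.2:80")
HTTPS = Rule("web-https", "tcp", 443, "192.168.1.2:443")

broad_first = [ANY_ANY, VPN]     # broad forward moved to the top
specific = [HTTP, HTTPS, VPN]    # ports defined, as advised in the thread

if __name__ == "__main__":
    print("broad first, VPN packet hits:", first_match(broad_first, "udp", 1194))
    print("shadowed with broad rule first:", shadowed(broad_first))
    print("shadowed with specific rules:", shadowed(specific))
```

With port-specific rules the shadow list stays empty in any order, and traffic to unlisted ports is no longer forwarded to the LAN host.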


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Friday 25 November 2011, 05:34:13 pm
I really don't know where I am going wrong,


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Wednesday 30 November 2011, 04:38:02 pm
Okay, I prepared another system with EFW and replaced the old one, with a similar setup. The only thing I did was configure OpenVPN later; I don't know how this makes the difference,

but thanks mrkroket.

Yours is a really quick response most of the time.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Thursday 26 January 2012, 02:01:48 am
Again I am in the same boat.

Tried adding port forwarding with another port, but lost both. Only VPN is working.


Title: Re: Assigning public IP and allowing LAN machine to be accessible to the outside world
Post by: nicolethomson on Thursday 26 January 2012, 06:33:08 pm
Here is the tcpdump:

openvpn: Flags , seq 3955440066, win 14600, options [mss 1460,sackOK,TS val 1342059 ecr 0,nop,wscale 7], length 0