Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 09 November 2024, 06:04:18 am

Login with username, password and session length

Visit the Official Endian Bug tracker  HERE
14250 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Installation Support
| | |-+  2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: 2.3: Need help: WebServer in DMZ, Understanding DNAT/SNAT/Inco  (Read 14980 times)
Timo
Jr. Member
*
Offline Offline

Posts: 1


« on: Wednesday 23 December 2009, 02:53:00 am »

Hello Everyone,

we're trying to use efw as our new firewallsystem. Maybe the meaning of some items are quite different from what we think of...

efw 2.3 Enterprise demo
server with 4 Nics
- green -> 192.168.3.2
- orange -> 192.168.1.2
- red -> xx.yy.zz.2 (Public IP)
- (hot standby->2nd efw lifebeat)

(web-)server4
-nic1 -> 192.168.3.4 (green)
-nic2 -> 192.168.1.4 (orange)

(web-)server5
-nic1 -> 192.168.3.5 (green)
-nic2 -> 192.168.1.5 (orange)
and so on..

The Servers must be accessible from the web via public IPs (orange). the green net handles Administration, Backup, remote maintenance and so on.
we have a range of 30 public IPs.

Wishing to configure this like:
Public IP xx.yy.zz.4 -> efw -> orange: 192.168.1.4
In an optimal way i put a new server in DMZ with e.g. 192.168.1.10 and this webserver is automatically accessible from outside over the public ip xx.yy.zz.10 - and for all the webservers in the DMZ we have some few general filters (because the webservers are all identical).

My Problem ist to understand the meaning of Destination Nat, Source Nat and Incoming routed Traffic.

What i have tried:
(disable all SNAT and Incoming r Traffic rules)
Destination NAT:
Source: RED, Target: ORANGE, Allow, all/all, and then all of the possibilities of "translate to:"
map network: 192.168.1.0/27
and tried ip-> NAT, No Nat..
->>no connect from the web to one of the Servers at Orange possible.

Next try:
(disable all DNAT/Incoming r Traffic rules)
Source Nat
Source xx.yy.zz.0/27 (the range of our public IPs)
Target 192.168.1.0/27
Service/Port: all/TCP+UDP
NAT:
try1 - NAT->Auto
try2 - No Nat
try3 - Map Network to: 192.168.1.0/27
->>whatever, no connect from the web to one of the Servers at Orange possible.

another try:
(disable all SNAT and DNAT rules)
Incoming routed Traffic
Source: RED, Target ORANGE
Service/Port All/TCP+UDP
->>no connect from the web to one of the Servers at Orange possible.

All attempts were in vain and the problem is, i've got no idea how to get it up.

Maybe PEBKAC :-)
My approach or understanding of the efw maybe quite different from that of the efw-programmers.

If there is anybody with a similar situation some tipps are greatly appreciated!

TIA
Timo


Logged
bodie
Full Member
***
Offline Offline

Posts: 10


« Reply #1 on: Monday 08 March 2010, 08:29:56 am »

I've setup all the public IP's on the servers in the orange and thusly redirected trafic. Made my life a lot easier.

this is what i done.

EFW orange setup with external IP

under firewall / Incoming routed traffic - create forwarding rule as follows
Source is - Uplink (red)
Destination - External IP address withing the orange
etc

hope this helps
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com