Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 10:02:17 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Need help for port forwarding
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Need help for port forwarding  (Read 11300 times)
ulim
Jr. Member
*
Offline Offline

Posts: 1


« on: Monday 23 November 2009, 08:56:07 pm »

Hello,

although I have some experience with diverse firewalls, I am a newbie to the Endian firewall. I try to set a 2.3.0 Endian as a firewall for a webserver, but I cannot get it running.

I have set up the following test environment:

Green: Webserver 192.168.100.40 / 16

Red (for testing): 1.110.110.1 / 24

My test PC: 1.110.110.2 /24

When allowing system access from the RED, I can connect to the Endian from Test PC to 1.110.110.1:10443. So, I assume my 1.110.110.1/24 sub net is working. The webserver PC can also connect to the Endian.

I tried the following:
Firewall -> Dest.Nat:
Access from: Uplink main (RED)
Target: Uplink main (RED)
Filter: Allow
Service: http (TCP/80)
DNAT Policy: NAT
Translate to: 192.168.100.40, Port 80

When looking in the firewall log, it says:
Firewall
2009-11-23 10:37:15
PORTFWACCESS:ACCEPT:1 TCP (eth1) 1.110.110.2:50348 -> 192.168.100.40:80 (br0)

However, the test PC cannot establish a connection:
Verbindungsaufbau 1.110.110.1 .. Es konnte keine Verbindung mit dem Hoste hergestellt werden..


Question:
Why does the port forwarding not work?
- do I need an additional route (e.g. static?)  to 192.168.100.40?
- do I need some rules for allowing the connection request to be answered?

BTW, the Endian doesnt answer a ping on the RED. I suspect this is on purpose for security reasons, but I would like to see the ping. How can I enable it?

Thanks very much,

Uli

Logged
glynd
Full Member
***
Offline Offline

Posts: 10


« Reply #1 on: Wednesday 25 November 2009, 05:01:41 pm »

Hello Ulim,

I have the same problem after setting up in the same manner. Did you get any resolution to this?
One thing I have found is that if I enable the proxy ( I m using for SMTP) then mail is delivered correctly but a telnet on port 25  to the red interface from outside, replies with the EFW smtp server.

I too have worked with other firewalls and some of them seem to be configured backwards. What I mean is that the destination interface is actually the public (or Red in EFW parlance) rather than the Red being the source. I haven't tried this but maybe we have it backwards in our minds...

Let me know if you come right
Logged
glynd
Full Member
***
Offline Offline

Posts: 10


« Reply #2 on: Wednesday 25 November 2009, 05:55:18 pm »

The answer to how it works is in the thread http://efwsupport.com/index.php?topic=1064.0
I have tried it and it works although I am not really following the rationale behind it.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com