Title: NAT Problems-Traffic not crossing zones. Post by: rosiakc on Saturday 11 February 2012, 08:55:17 am .
Title: Re: NAT Problems-Traffic not crossing zones. Post by: davvidde on Sunday 12 February 2012, 12:42:22 pm I think you have made some mistakes in your firewall project:
The red interface should not be ping from internal LAN, only the green and all interfaces on the Internet that have been enabled. This is done by the default firewall configuration. You should notice in Firewall->outgoing firewall the following line: (if it is not present then add it) Source: GREEN ORANGE BLUE Destination: RED Service: ICMP/8 ICMP/30 ALLOW with IPS allow PING Also if you go to a computer that is outside your firewall (RED) you should NOT ping any of your internal PC otherwise you do not need a firewall but a simple router. Also the source NAT rule to allow GREEN traffic to go to RED should be generated by default; check Firewall->Port forwarding->Source NAT->show_system_rules You should only need a port forwarding rule to route incoming traffic in RED to your internal IP server (assure you use private IP addresses for your internal LAN) Next, if you have made the following two step, you should not use a firewall because it is useless: Made an incoming routed traffic rule to forward all incoming traffic on RED to be passed to the Server on Green LAN. Disabled the IPS, and outgoing traffic firewall, and made a system access rule to allow all traffic from red to go to green, and made policy routing rules to allow all traffic./li] Davide. Title: Re: NAT Problems-Traffic not crossing zones. Post by: rosiakc on Monday 13 February 2012, 01:48:03 am .
Title: Re: NAT Problems-Traffic not crossing zones. Post by: kashifmax on Tuesday 03 April 2012, 07:14:39 pm Same issue with me too. I am using EFW v2.5
Interface are Green 192.168.0.1 Red 192.168. Title: Re: NAT Problems-Traffic not crossing zones. Post by: kashifmax on Thursday 05 April 2012, 08:11:51 pm I think you have made some mistakes in your firewall project: The red interface should not be ping from internal LAN, only the green and all interfaces on the Internet that have been enabled. This is done by the default firewall configuration. You should notice in Firewall->outgoing firewall the following line: (if it is not present then add it) Source: GREEN ORANGE BLUE Destination: RED Service: ICMP/8 ICMP/30 ALLOW with IPS allow PING Also if you go to a computer that is outside your firewall (RED) you should NOT ping any of your internal PC otherwise you do not need a firewall but a simple router. Also the source NAT rule to allow GREEN traffic to go to RED should be generated by default; check Firewall->Port forwarding->Source NAT->show_system_rules You should only need a port forwarding rule to route incoming traffic in RED to your internal IP server (assure you use private IP addresses for your internal LAN) Next, if you have made the following two step, you should not use a firewall because it is useless: Made an incoming routed traffic rule to forward all incoming traffic on RED to be passed to the Server on Green LAN. Disabled the IPS, and outgoing traffic firewall, and made a system access rule to allow all traffic from red to go to green, and made policy routing rules to allow all traffic./li] Davide. Dear Davvidee, Same issue with me too. I am using EFW v2.5 Interface are Green 192.168.0.1 Blue 172. Title: Re: NAT Problems-Traffic not crossing zones. Post by: kashifmax on Saturday 07 April 2012, 11:15:37 pm Hmmm :-)
|