|
Title: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Saturday 03 April 2010, 05:19:00 am I have strang problem, i have installed efw 2.3 this morning and I am trying to publish one web server for out side user. i have try using destination NAT , but no luck may be i didn't understand configuration right, can someone walk me thru. we have sevaral external IP available to publish this web server.
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: koukobin on Saturday 03 April 2010, 07:07:30 am Please post a screenshot from your rule in "destination nat" that you are using to publish your web server.
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Wednesday 07 April 2010, 01:07:19 am sorry for late response,i am trying to 1:1 NAT for this web server cause I have multiple site and server, BTW here is screen shot. I have not configure anything else on this FW.
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: gyp_the_cat on Wednesday 07 April 2010, 02:00:46 am Hi popat,
You say you have multiple IP addresses on the WAN side, I assume that Endian is using one of the IP addresses that you want to use for the web server? Does your webserver at 10.10.1.248 have as it's gateway the IP address of the green interface of the Endian? Gyp Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Wednesday 07 April 2010, 02:40:22 am here is my configuration.
efw LAN IP 192.168.1.1/24, WAN IP 10.10.1.119/24 web server LAN IP 192.168.1.10 I am trying to assign WAN IP 10.10.1.248 to web server and access web site. Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: gyp_the_cat on Wednesday 07 April 2010, 05:20:38 am In the network setup (System - Network Configuration), have you assigned both the IP addresses onto the red interface?
For instance got 10.10.1.119/24 as the main IP and 10.10.1.248/24 in the additional IP addresses box? Then have you made sure to have selected the right incomming IP in the port forwarding rule? Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Wednesday 07 April 2010, 05:23:46 am so another word if i want to use 1:1 NAT for IP address. I have to add easch address to red zone ?
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: gyp_the_cat on Wednesday 07 April 2010, 05:26:28 am Hi popat, I believe so yes.
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Wednesday 07 April 2010, 05:34:12 am OK, I will test it later. I have to go.
Thanks for quick reply Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: gyp_the_cat on Wednesday 07 April 2010, 05:35:42 am No problem :) Let us know how you get on.
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Thursday 08 April 2010, 01:08:47 am here is confusion, with each IP attached to red zone, they can see FW itself too. is there another way to setup this one to one nat for this EFW?
Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: Steve on Thursday 08 April 2010, 09:20:39 am In your attached image you are forwarding to IP 10.10.1.248 but you don't have the port you are forwarding to.
In the field Port/Range (e.g. 80, 80:88) you need to provide a port - 80 in your case. Title: Re: publishing web server from behind a efw green zone to red zone with public IP Post by: popat on Friday 09 April 2010, 12:29:39 am thanks for reply. I got it working, but now issue is how do i setup one-to-one NAT by assign all my wan IP to red zone my firewall have multiple IP from wan access. so any hacker can hack to my firewall with mutiple address. in my case, I wanted to setup one-to-one NAT but not have multiple ip assign to red zone, that way my firewall has only one address.
|