NAT Forwarding Issue

[Guest]

[mboudro]

I am trying to forward port 80 traffic to my internal web server which is located on the /24 subnet. I have an external static IP which is on the /29 subnet. I'm relatively well versed in firewalls so I proceeded to set up a DNAT rule to forward from the uplink to the internal server. I also set up firewall rules to allow port 80 into the internal network.

Unfortunately, the DNAT rule is not working as planned. I monitored the connections in the status section of the Endian system and I can see that the DNAT properly directs the packets but they end up being destroyed in the SYN_SENT state. In other words, the TCP packets are not getting a "handshake" (SYN/ACK) from the internal web server. This is also the same with a separate mail server operating on port 443.

Am I missing something simple here? I am currently using a Draytek router in production and it forwards all the ports without issue.

Thanks in advance for you help...

[Fungyo]

I had trouble with port forwarding when using Smoothwall. I would port forward from my Dynalink 1046vw to the Smoothwall machine and then port forward from the Smoothwall to the internal server. This didn't work. So I added my Smoothwall as a DMZ in the Dynalink and it worked.