Assigning PUblic ip and allowing LAN machine to be accesible outside world

[Guest]

[nicolethomson]

Hi
Good day everybody,
Forgive me for being so dumb,
I am trying to allow my apache webserver accessible for outside people, today my isp gave me a public ip,

Internet ->122.xx..12:80->192.168.1.2:80

at present i have only Green zone enabled, didnt use other zones. my machine is in Green zone. with static lan ip

How this can be done, since i dont know the terminology tobe used, not able to search through the forum.
pls help

Nic

[nicolethomson]

oh my god, is it so tough, havent even got a single response guide?

[nicolethomson]

is this the one i need to?

www . efwsupport . com/index.php?topic=1422.0

can someone out there help me pls

[mrkroket]

Because this is a basic routing question.
If you don't know how to make a port forward, I can't recommend you to make a public Web Server.             

Anyways, just use you public IP as RED interface, check that you can surf internet.
Then create a rule on Firewall->Port Forwarding to allow TCP ports 80 and 443  and forward them to your internal GREEN ip.

[nicolethomson]

thanks mrkroket,

i am trying to add another red interface, but not getting that, spent yesterday in searching, System->Network configuration->Ethernet Interface-> shows only orange and blue, red is not available.

Already in red interface i have added one public ip, but the isp provided me 8 more ip's, so i thought of using one of them other than my outgoing public ip, (btw, i am already using apache 2.2x webserver in amazon cloud which hosts my photos/),

now instead of paying amazon, i thought i will use the resource what i have.

If that is not wrong pls help me ..

Nicole
always we will be learning in our life .

[mrkroket]

Uplinks are defined on Network->Interfaces. But there is no need, you can add additional IP's to your same RED interface.

[nicolethomson]

thanks mrkroket

accept my apologies for not responding for last two days.

added additional IP's to same red now.

and did port forwarding 122.xx..12 Incoming service port 80 -> Translate to 192.168.xx.12 port/range 80 NAT  clicked on enabled.

position after rule number 1


is this right

[mrkroket]

That's correct. You can also use the <ANY Uplink> instead of your public IP, it's easier if by any reason you change your public IP or have more than one.

[nicolethomson]

still not able to access?

actually for 121...20 the subnet is 255.255.255.252

and the public ip i am trying is 122...12 /255.255.255.248

is that the reason it is not allowing to access?

[nicolethomson]

okay had some success with a compromise

yes, i move the port forwarding rule moved to top, but now the openvpn seems getting affected,

Uplink ANY  <ANY>ALLOW with IPS     192.x.x.13    up0down0disable0add_external0anyedit0delete0
     ALLOW with IPS from:  <ANY>

Uplink ANY  <ANY>ALLOW with IPS     192.x.x.2   vpn

can u pls help me

[mrkroket]

You dont need to create any openvpn rule, they are auto-created.
On port forward rule you must define the ports you want to relay.  TCP 80 for http and TCP 443 for https

[nicolethomson]

thanks for spending your time

initially i tried with 80 when i was having difficulty, i tried it with "any any",

yes openvpn generated its own rule, but here i am finding the issue is who will be first, if webservice is in first, then i can access the webserver, vpn is not working, if vpn is in first then it works fine, but webservice is having difficult.

[nicolethomson]

still i am priorotizing the rule manually, is there any ways we can do this?

[mrkroket]

You must do something wrong. Port forwanding works ok when you define ports.
I can't recommend to tweak anything to get the ANY ANY rule to work.  Maybe tweaking the config templates, but it's better to just create the correct rule.

I attached the incoming rule I have for HTTP. It works for me.

[nicolethomson]

really dont know where i am doing wrong,

[nicolethomson]

okay prepared another system with efw and replaced the old, with the similar setup, only thing i did was configured the openvpn later, dont know how this makes the different,

but thanks mrkroket.

yours is a really quick response most of the time.

[nicolethomson]

again i am in the same boat

tried adding port forwarding with another port, but lost both. only vpn is working.

[nicolethomson]

here is the tcpdump

openvpn: Flags , seq 3955440066, win 14600, options [mss 1460,sackOK,TS val 1342059 ecr 0,nop,wscale 7], length 0