Author Topic: Port Forwarding from Red to Green  (Read 26241 times)
rdbates
« on: Wednesday 04 November 2009, 01:06:17 pm »

Let me start by saying I'm an Endian "noob".

I've set up plenty of firewalls in the past, each has its own quirks, and I'm having trouble setting up a basic port forward/translate to allow users Terminal Services access.

I set up rules in Destination Port Forwarding: one to translate incoming from RED on port 33890/TCP to SERVER1 on the GREEN network on port 3389, and another to translate incoming from RED on 33891/TCP to SERVER2 on the GREEN network on port 3389.

My question is this: Is there some other master setting which is blocking the forwarding that I'm missing?  Does what I described sound right?

Any suggestions would be greatly appreciated.

Thanks!

Rich Bates
Logged
bayross
« Reply #1 on: Thursday 05 November 2009, 02:28:14 am »

You also need to create a rule under "System Access", otherwise it will not work.
Garrett
Logged
rdbates
« Reply #2 on: Thursday 05 November 2009, 03:57:46 am »

> You also need to create a rule under "System Access", otherwise it will not work.
> Garrett

Thanks for the help - tried it - still having a problem.

Do I need to set up a Source NAT for comm back outside?  How about rules under Incoming Routed Traffic?

I have yet to successfully set up any port forwarding and my boss is getting itchy.

PS: Once I get any port forwarding working I assume I can set up 10443 for HTTPS management from the outside world?
Logged
bayross
« Reply #3 on: Thursday 05 November 2009, 04:05:49 am »

I wouldn't recommend making your Firewall GUI accessible to the outside world. If anything, set it up so you VPN into your network and then connect to the EFW.
Try this... just alter the ports, etc as necessary.

In Firewall, configure a Destination NAT rule as follows:
Access: ANY Uplink
Target: ANY Uplink
Service HTTP
Protocol: TCP
Target: 80
Translate to: TYPE IP
DNAT Policy: NAT
IP: {WEBSERVER IP on GREEN INTERFACE}
Port Range: 80

Save and apply rule

Then go to Firewall, configure System Access rule as follows:
Source Address: {leave blank}
Source Interface: RED
Service HTTP
Protocol: TCP
Target: 80
Policy: ACTION "ALLOW"

Save and apply and you should be good to go. You will now be able to access the specified server externally (Red zone to green zone)

Garrett
Logged
rdbates
« Reply #4 on: Thursday 05 November 2009, 04:55:30 am »

> I wouldn't recommend making your Firewall GUI accessible to the outside world. If anything, set it up so you VPN into your network and then connect to the EFW.
> Try this... just alter the ports, etc as necessary.
>
> In Firewall, configure a Destination NAT rule as follows:
> Access: ANY Uplink
> Target: ANY Uplink
> Service HTTP
> Protocol: TCP
> Target: 80
> Translate to: TYPE IP
> DNAT Policy: NAT
> IP: {WEBSERVER IP on GREEN INTERFACE}
> Port Range: 80
>
> Save and apply rule
>
> Then go to Firewall, configure System Access rule as follows:
> Source Address: {leave blank}
> Source Interface: RED
> Service HTTP
> Protocol: TCP
> Target: 80
> Policy: ACTION "ALLOW"
>
> Save and apply and you should be good to go. You will now be able to access the specified server externally (Red zone to green zone)
>
> Garrett

PROBLEM SOLVED!!!!!

Thanks a lot for your help!
Logged
bayross
« Reply #5 on: Thursday 05 November 2009, 04:56:01 am »

No problem, glad to help out.
Logged
gdPAC
« Reply #6 on: Thursday 05 November 2009, 07:27:32 am »

System access rules grant access to the Endian Firewall itself.  You just instructed him to give port 80 access to the EFW from the Internet.  I don't think that's recommended.

Glen
Logged
bayross
« Reply #7 on: Thursday 05 November 2009, 11:50:52 pm »

You are right!! My mistake, just disable system access rules and you should be good.
Logged
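The distinction raised in replies #6 and #7, as an added example that is not part of the original thread and not Endian's own rule set: a DNAT'd connection is rewritten before routing and is filtered as forwarded traffic, while a System Access style rule opens the firewall host itself. The sketch audits a constructed dump in plain `iptables-save` layout; the interface names (`eth1` as RED, `eth0` as GREEN), the addresses and the chain names are assumptions, and an Endian box may use its own chains.

```python
# Constructed iptables-save style dump (not captured from an Endian box).
# Assumptions: eth1 = RED uplink, eth0 = GREEN, 192.168.1.x = GREEN hosts.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth1 -p tcp -m tcp --dport 33890 -j DNAT --to-destination 192.168.1.20:3389
COMMIT
*filter
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 10443 -j ACCEPT
-A FORWARD -i eth1 -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -d 192.168.1.20/32 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, options) for every '-A' line.
    Assumes each option takes exactly one argument, as in the sample."""
    table = None
    for line in dump.splitlines():
        tokens = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        elif tokens and tokens[0] == "-A":
            yield table, tokens[1], dict(zip(tokens[2::2], tokens[3::2]))

def audit(dump, red_if="eth1"):
    """Return (forwarded, exposed): ports DNAT'd to internal hosts, and
    ports on which the firewall itself accepts connections from red_if."""
    forwarded, exposed = {}, []
    for table, chain, opt in parse_rules(dump):
        if opt.get("-i") != red_if or "--dport" not in opt:
            continue
        port = int(opt["--dport"])
        if (table, chain, opt.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            forwarded[port] = opt["--to-destination"]
        elif (table, chain, opt.get("-j")) == ("filter", "INPUT", "ACCEPT"):
            exposed.append(port)
    return forwarded, exposed

def findings(dump, red_if="eth1"):
    """Describe every port on which the firewall host is open to RED."""
    forwarded, exposed = audit(dump, red_if)
    out = []
    for port in exposed:
        note = (f"not needed for the forward to {forwarded[port]}"
                if port in forwarded else "no matching port forward")
        out.append(f"tcp/{port} open on the firewall itself from {red_if}: {note}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_RULES)) or "no firewall ports open to RED")
```

The GREEN-side rule for 10443 is not reported, because only rules bound to the RED interface are considered.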
vikash
« Reply #8 on: Tuesday 17 November 2009, 10:26:50 pm »

Interfaces : 2 - GREEN and RED (PPPoE)
WAN (RED) : Dynamic IP PPPoE
LAN (GREEN) : 192.168.1.0/24

Local server on GREEN interface IP : 192.168.1.10
Services to be forwarded WAN2LAN : HTTP, HTTPS, SSH, FTP

Dynamic DNS with wildcard www.host.dyndns.org -> Uplink main IP (RED).

Hi, I've been trying to do the same thing, and the Destination NAT worked for me. Thanks!

However, I cannot access my webserver from within the GREEN network (i.e. my PC) using the external address. I believe it's called loopback NAT. This usually works by default using an off-the-shelf BB router such as linksys/dlink/etc.

Any idea on how to enable this? I've tested this on EFW 2.3 and 2.2 with the same results.

Thanks.
Vikash.
Logged
vlongjvc
« Reply #9 on: Monday 30 November 2009, 06:32:26 pm »

I have followed the above instructions but the status of the connection is: SYN_SENT, the connection fails. Has anyone faced this issue? Port forwarding is a little bit complicated compared with version 2.2.
Logged
vlongjvc
« Reply #10 on: Tuesday 01 December 2009, 01:28:44 pm »

I followed the instructions from here (http://bugs.endian.com/view.php?id=2191) and my problem is solved. Thanks Peter, now Endian 2.3 works perfectly for me!
Logged
jacklib
« Reply #11 on: Friday 04 December 2009, 06:48:22 pm »

Can anybody please elaborate on how they fixed the loopback NAT? I tried Peter's suggestion to create a host entry with my Public IP but it doesn't work.

Logged