Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 1695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IP-Adressen freigeben

Lubos Novy

Hallo zusammen,

in unserem Betrieb wurde heute ein EC-Zahlungsterminal von unsere Bank installiert. Ich muss für die Kommunikation bestimmte externe IP-Adressen mit Ports freigeben.
Das habe ich unten "Regeln und Richtlinien" erledigt. Irgendwo mache ich aber was verkehrt. Anbei Bild:

Unten "Zahlungsterminal_IP" sind die IP-Adressen von der Externe Quelle aufgelistet. Unter Dienste dann die Ports.

Ich habe auch schon eine Ausnahme bei "Web" hinzugefügt. Leider auch ohne Erfolg.

Vielen Dank im Voraus für Ihre Antworten. 

Viele Grüße

Lubos



This thread was automatically locked due to age.

Top Replies

  • +1 suggested

    On which side LAN or WAN does the connection start? Usually one is the sender and the firewall will let through the traffic/answers from the other side.

    If LAN is a private IP network I'd assume that you are communincating LAN -> WAN. In this case you also need to create a (Source NAT) SNAT Rule.
     
    (If the connection is WAN -> LAN then you need to set up #Zahlungsterminal multiplied  by #Zahlungsterminal_Ports (Destination NAT) DNAT Rules)


    If you are using public internet addresses on both sides you do not need NAT and the above setting should work.

    Jump to answer
Parents
  • 0

    Hi Lubos,

    in case you are running SFOS v18 you need to apply DNAT rule under 'NAT rules'!

    Here you should set 'Original source' to your IP-List of known external IPs, 'Original Destination' to your WAN Port and 'Original service' to Zahlungsterminal. Furthermore set 'Inbound interface' to WAN Port (#Port2) and 'Translated destination (DNAT)' to Zahlungsterminal as well. Leave the rest as default.

    Viel Erfolg Slight smile

  • 0 in reply to njabi

    Good Morning Njabi,

    i set up everything how you say, but still doesn't work. 

    "Original source" is the IP-List of known external IPs
    #Port6 is our WAN Port
    Original service are the ports of the services
    SNAT default. DNAT ist the IP of the machine, PAT default
    inbound interface is our WAN Port #Port6 
    outbound interface default

    what I'm doint wrong? Did i miss something to set up?

    Thank you guys for your help!

Reply
  • 0 in reply to njabi

    Good Morning Njabi,

    i set up everything how you say, but still doesn't work. 

    "Original source" is the IP-List of known external IPs
    #Port6 is our WAN Port
    Original service are the ports of the services
    SNAT default. DNAT ist the IP of the machine, PAT default
    inbound interface is our WAN Port #Port6 
    outbound interface default

    what I'm doint wrong? Did i miss something to set up?

    Thank you guys for your help!

Children
No Data