Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 27 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 30878 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

xg firewall home and nas or any devices on my network

Daniel C

hi everyone !

 

So i'm testing xg firewall on a virtual machine on my nas.

 

So i configured it this way :

 

* my dsl modem (router, freebox for the one who knows it) in 192.168.1.254 (no dhcp). DMZ : ip of the sophos wan port, 192.168.1.18

* the sophos xg virtual machine with

192.168.2.1 <= lan port

192.168.1.18 <= wan port

dhcp server from 192.168.2.5 to 192.168.2.50

 

* my nas : ip : 192.168.2.7

 

I have a domain name, which i pointed to my external IP address (from my network provider, free)

 

So, i try to reach my nas on my network, with my domain, but....no luck !

I created a business policy (dnat, full nat), like explained in the tutorial, but....it doesn't work. community.sophos.com/.../122976

i tried with https (on port 44300) and http (port 8080) but doesn't work.

 

so, did i do something wrong ?

what i have forgotten ?

 

could you please help me ?

(sorry for my english, i'm french :-))



This thread was automatically locked due to age.
Parents
  • 0

    Daniel,

    if you are trying to access your internal servers externally, make sure your DSL modem has the proper DNAT to forward all traffic to XG WAN port, otherwise traffic is blocked on DSL modem.

    If you already checked it, share the screenshot of the firewall rules you have created.

    Thanks

  • 0 in reply to lferrara

    Hi.

    I cant do that because the sophos is on 192.168.2.Xx and my dsl router is on 192.168.1.Xx

    It does notre accept IP on 192.168.2

    Moreover, the sophos is on the dmz of my dsl router. So it should be right, no ?

     

    make sure your DSL modem has the proper DNAT to forward all traffic to XG WAN port, otherwise traffic is blocked on DSL modem.

    how do I do that if the dmz is not enough / ok ?

    as you asked:

     

  • 0 in reply to Daniel C

    Thanks for sharing the screenshots.

    Daniel, can you share the IP/Subnet for each network (wan, dmz, lan) for both DSL Modem and XG?

    DMZ and WAN IP are not clear.

    Thanks

  • 0 in reply to lferrara

    hi

     

    i do not understand what you want exactly.

     

    Ip are written in the screenshot above.

     

    tell me if it is not what you want:

    wan : 192.168.1.18 / 255.255.255.0

    ip of the gateway : 192.168.1.254 (my dsl router)

    dmz : 192.168.1.18 (this ip is set on my dsl router)

    lan : 192.168.2.1 /255.255.255.0

     

    that's what you asked ?

Reply
  • 0 in reply to lferrara

    hi

     

    i do not understand what you want exactly.

     

    Ip are written in the screenshot above.

     

    tell me if it is not what you want:

    wan : 192.168.1.18 / 255.255.255.0

    ip of the gateway : 192.168.1.254 (my dsl router)

    dmz : 192.168.1.18 (this ip is set on my dsl router)

    lan : 192.168.2.1 /255.255.255.0

     

    that's what you asked ?

Children