Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 27 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 30878 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

xg firewall home and nas or any devices on my network

Daniel C

hi everyone !

 

So i'm testing xg firewall on a virtual machine on my nas.

 

So i configured it this way :

 

* my dsl modem (router, freebox for the one who knows it) in 192.168.1.254 (no dhcp). DMZ : ip of the sophos wan port, 192.168.1.18

* the sophos xg virtual machine with

192.168.2.1 <= lan port

192.168.1.18 <= wan port

dhcp server from 192.168.2.5 to 192.168.2.50

 

* my nas : ip : 192.168.2.7

 

I have a domain name, which i pointed to my external IP address (from my network provider, free)

 

So, i try to reach my nas on my network, with my domain, but....no luck !

I created a business policy (dnat, full nat), like explained in the tutorial, but....it doesn't work. community.sophos.com/.../122976

i tried with https (on port 44300) and http (port 8080) but doesn't work.

 

so, did i do something wrong ?

what i have forgotten ?

 

could you please help me ?

(sorry for my english, i'm french :-))



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    i do not understand.

     

    the wan is the port2 on the sophos.

     

    the dmz is set on my dsl router.

     

    what do you mean by "make sure on your router you configure 2 different IP for WAN and DMZ "

     

    On my dsl router, i only configure the dmz,

     

    what do you call "wan" ?

     

    (in the sophos, there is 2 Ips : one for the lan (port1) and one for the wan (port2))

    so in the sophos, what do I put in the wan ?

     

    and in my dsl router, what do I put in the dmz ?

  • 0 in reply to Daniel C

    Daniel,

    You router should have wan, LAN and dmz.

    Each interface uses a different ip.

    Can you share a small network diagram?

    Thanks

  • 0 in reply to lferrara

    what I call the router, is my dsl modem.

    The router is the sophos actually.

     

    internet =======>dsl modem ============> sophos (virtual machine) =============> lan

    public IP ======> 192.168.1.254==========> port1(lan) 192.168.2.1 ==============>192.168.2.XX

                                   dmz : 192.168.1.18=======>port2(wan) 192.168.1.18

     

    is it more clear ?

     

    thanks for trying to help me :-)

  • 0 in reply to Daniel C
    Sorry Daniel, But still not clear. You have 192.168.1.254 and 192.168.1.18 on 2 different interfaces?
  • 0 in reply to lferrara

    On the dsl modem:

    The 192.168.1.254 is the physical IP of the dsl modem.

    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

  • 0 in reply to lferrara

    On the dsl modem:

    The 192.168.1.254 is the physical IP of the dsl modem.

    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

  • 0 in reply to lferrara

    hi,

     

    On the dsl modem:
    The 192.168.1.254 is the physical IP of the dsl modem.
    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

     

    ps: most of the time, i received a message from the forum that says: my message is  "inappropriate" ? What does that mean ?

  • 0 in reply to Daniel C

    Daniel,

    your DSL modem has different interfaces and so different IP. Assign to DMZ interface a different IP than 192.168.1.x/24 and 192.168.2.x/24, for example 192.168.3.0 and adjust the other settings needed.

    Thanks

  • 0 in reply to lferrara

    Hi Luk

    i can't.

     

    On my dsl modem, the dmz must be in the same network as the dsl modem.

     

    let's start over :

    how do you configure the sophos ?

    port1 the lan : let says 192.168.2.XX

    port2 the wan: let says 192.168.1.XX

                             gateway : 192.168.1.254 (ip of my dsl modem)

    am I right ?

     

    so, on my dsl modem, i must declare a dmz, wich is the wan(port2) of the sophos ?

    i'm still right ?

  • 0 in reply to Daniel C

    HI Daniel ,

    As per my understanding , you wish to communicate your NAS drive from the WAN (Internet) . Why was the DNAT created between 192.168.2.50 instead of 192.168.2.7 ?

    Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface.