
xg firewall home and nas or any devices on my network

Hi everyone!

So I'm testing XG Firewall on a virtual machine on my NAS.

So I configured it this way:

* my DSL modem (router, a Freebox for those who know it) at 192.168.1.254 (no DHCP). DMZ: IP of the Sophos WAN port, 192.168.1.18

* the Sophos XG virtual machine with

192.168.2.1 <= LAN port

192.168.1.18 <= WAN port

DHCP server from 192.168.2.5 to 192.168.2.50

* my NAS: IP: 192.168.2.7

I have a domain name, which I pointed to my external IP address (from my network provider, free)

So, I try to reach my NAS on my network, with my domain, but... no luck!

I created a business policy (DNAT, full NAT), as explained in the tutorial, but... it doesn't work. community.sophos.com/.../122976

I tried with HTTPS (on port 44300) and HTTP (port 8080) but it doesn't work.

So, did I do something wrong?

What have I forgotten?

Could you please help me?

(Sorry for my English, I'm French :-))



  • Hi Daniel,

    Check if the traffic on the configured port reaches the XG. Take console access to the XG and run tcpdump 'port 4430'. If there is no traffic reaching the XG, then check the local configuration on the DSL modem. Also, as Luk suggested, you cannot configure a similar subnet on two different interfaces.

    Thanks

  • Hi all,

    I did what you asked.

    When I tried to connect to my NAS from my home (but with my domain name):

    tcpdump 'port 44300'

    18:37:04.966913 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    18:37:04.967712 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    18:37:07.972381 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    18:37:07.972999 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    18:37:13.977327 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    18:37:13.978156 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,nop,sackOK], length 0

    18 packets captured
    18 packets received by filter
    0 packets dropped by kernel

    I don't know what that means.

    But it connects to my public IP.
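
What the capture lines in the post above record, as an added example that is not part of the thread or of Sophos's tooling: a short Python parser that groups the SYNs by sequence number and reports the number of attempts, the ingress and egress interface, whether the source address was rewritten on the way out, and whether any SYN-ACK appears. The line format in the regex is an assumption derived only from the six lines shown.

```python
import re
from collections import defaultdict

# Capture lines from the post above, wrapped lines rejoined. PUBLIC.IP is the
# poster's own redaction, kept here as a literal placeholder.
CAPTURE = """\
18:37:04.966913 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
18:37:04.967712 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
18:37:07.972381 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
18:37:07.972999 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
18:37:13.977327 Port1, IN: IP 192.168.2.5.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,nop,sackOK], length 0
18:37:13.978156 Port2, OUT: IP 192.168.1.18.49392 > PUBLIC.IP.44300: Flags [ S ], seq 2612920556, win 8192, options [mss 1460,nop,nop,sackOK], length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<iface>\w+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[\s*(?P<flags>[A-Z.]+)\s*\], seq (?P<seq>\d+)"
)

def parse(capture):
    """Return one dict per line that matches the console tcpdump format."""
    return [m.groupdict() for m in map(LINE.match, capture.splitlines()) if m]

def summarize(packets):
    """Group bare SYNs by sequence number and describe each connection attempt."""
    flows = defaultdict(list)
    for p in packets:
        if p["flags"] == "S":  # bare SYN: a connection attempt or its retransmission
            flows[p["seq"]].append(p)
    report = []
    for pkts in flows.values():
        ingress = [p for p in pkts if p["dir"] == "IN"]
        egress = [p for p in pkts if p["dir"] == "OUT"]
        if not ingress:
            continue
        first = ingress[0]
        report.append({
            "dst": f'{first["dst"]}:{first["dport"]}',
            "attempts": len(ingress),  # first SYN plus retransmissions
            "in": (first["iface"], first["src"]),
            "out": (egress[0]["iface"], egress[0]["src"]) if egress else None,
            "source_rewritten": bool(egress) and egress[0]["src"] != first["src"],
            # A SYN-ACK addressed to the client's source port would mean a reply.
            "answered": any(p["flags"] == "S." and p["dport"] == first["sport"] for p in packets),
        })
    return report

if __name__ == "__main__":
    print(summarize(parse(CAPTURE)))
```

On the six lines shown it reports one connection with three attempts, entering on Port1 from 192.168.2.5 and leaving on Port2 as 192.168.1.18, with no SYN-ACK among them.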

  • Hi Daniel,

    You need to configure the virtual ethernet on the XG for WAN as NAT. I think the XG WAN interface is bridged. Why I think so is because the traffic from the source PC comes in from the LAN IP address instead of the WAN Interface IP.

    So the interface configuration on the Virtual XG:

    LAN = Bridged

    WAN = NATed

    Thanks

  • Hi,

    Thanks.

    And how do I do that?

    "because the traffic from the source PC comes in from the LAN IP address instead of the WAN Interface IP."

    You said so because of the tcpdump, right?

    But it was normal, since I launched the tcpdump from my LAN.

    Could you explain in detail?

    I repeat, I'm a noob... and a French noob. So sometimes it's quite difficult to understand in English.