Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 27 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 30889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

xg firewall home and nas or any devices on my network

Daniel C

hi everyone !

 

So i'm testing xg firewall on a virtual machine on my nas.

 

So i configured it this way :

 

* my dsl modem (router, freebox for the one who knows it) in 192.168.1.254 (no dhcp). DMZ : ip of the sophos wan port, 192.168.1.18

* the sophos xg virtual machine with

192.168.2.1 <= lan port

192.168.1.18 <= wan port

dhcp server from 192.168.2.5 to 192.168.2.50

 

* my nas : ip : 192.168.2.7

 

I have a domain name, which i pointed to my external IP address (from my network provider, free)

 

So, i try to reach my nas on my network, with my domain, but....no luck !

I created a business policy (dnat, full nat), like explained in the tutorial, but....it doesn't work. community.sophos.com/.../122976

i tried with https (on port 44300) and http (port 8080) but doesn't work.

 

so, did i do something wrong ?

what i have forgotten ?

 

could you please help me ?

(sorry for my english, i'm french :-))



This thread was automatically locked due to age.
Parents
  • 0

    Daniel,

    if you are trying to access your internal servers externally, make sure your DSL modem has the proper DNAT to forward all traffic to XG WAN port, otherwise traffic is blocked on DSL modem.

    If you already checked it, share the screenshot of the firewall rules you have created.

    Thanks

  • 0 in reply to lferrara

    Hi.

    I cant do that because the sophos is on 192.168.2.Xx and my dsl router is on 192.168.1.Xx

    It does notre accept IP on 192.168.2

    Moreover, the sophos is on the dmz of my dsl router. So it should be right, no ?

     

    make sure your DSL modem has the proper DNAT to forward all traffic to XG WAN port, otherwise traffic is blocked on DSL modem.

    how do I do that if the dmz is not enough / ok ?

    as you asked:

     

  • 0 in reply to lferrara

    i do not understand.

     

    the wan is the port2 on the sophos.

     

    the dmz is set on my dsl router.

     

    what do you mean by "make sure on your router you configure 2 different IP for WAN and DMZ "

     

    On my dsl router, i only configure the dmz,

     

    what do you call "wan" ?

     

    (in the sophos, there is 2 Ips : one for the lan (port1) and one for the wan (port2))

    so in the sophos, what do I put in the wan ?

     

    and in my dsl router, what do I put in the dmz ?

  • 0 in reply to Daniel C

    Daniel,

    You router should have wan, LAN and dmz.

    Each interface uses a different ip.

    Can you share a small network diagram?

    Thanks

  • 0 in reply to lferrara

    what I call the router, is my dsl modem.

    The router is the sophos actually.

     

    internet =======>dsl modem ============> sophos (virtual machine) =============> lan

    public IP ======> 192.168.1.254==========> port1(lan) 192.168.2.1 ==============>192.168.2.XX

                                   dmz : 192.168.1.18=======>port2(wan) 192.168.1.18

     

    is it more clear ?

     

    thanks for trying to help me :-)

  • 0 in reply to Daniel C
    Sorry Daniel, But still not clear. You have 192.168.1.254 and 192.168.1.18 on 2 different interfaces?
  • 0 in reply to lferrara

    On the dsl modem:

    The 192.168.1.254 is the physical IP of the dsl modem.

    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

  • 0 in reply to lferrara

    On the dsl modem:

    The 192.168.1.254 is the physical IP of the dsl modem.

    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

  • 0 in reply to lferrara

    hi,

     

    On the dsl modem:
    The 192.168.1.254 is the physical IP of the dsl modem.
    The 192.168.1.18 is not an interface. In the configuration of my dsl modem, i can declare a dmz. This is where i  put the 192.168.1.18.

    Sorry if im not clear, but not easy in english

     

    ps: most of the time, i received a message from the forum that says: my message is  "inappropriate" ? What does that mean ?

  • 0 in reply to Daniel C

    Daniel,

    your DSL modem has different interfaces and so different IP. Assign to DMZ interface a different IP than 192.168.1.x/24 and 192.168.2.x/24, for example 192.168.3.0 and adjust the other settings needed.

    Thanks

  • 0 in reply to lferrara

    Hi Luk

    i can't.

     

    On my dsl modem, the dmz must be in the same network as the dsl modem.

     

    let's start over :

    how do you configure the sophos ?

    port1 the lan : let says 192.168.2.XX

    port2 the wan: let says 192.168.1.XX

                             gateway : 192.168.1.254 (ip of my dsl modem)

    am I right ?

     

    so, on my dsl modem, i must declare a dmz, wich is the wan(port2) of the sophos ?

    i'm still right ?

  • 0 in reply to Daniel C

    HI Daniel ,

    As per my understanding , you wish to communicate your NAS drive from the WAN (Internet) . Why was the DNAT created between 192.168.2.50 instead of 192.168.2.7 ?

    Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface.

Reply
  • 0 in reply to Daniel C

    HI Daniel ,

    As per my understanding , you wish to communicate your NAS drive from the WAN (Internet) . Why was the DNAT created between 192.168.2.50 instead of 192.168.2.7 ?

    Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface.

Children
  • 0 in reply to Aditya Patel

    hi

     

    My bad. My nas has 3 IPs : 192.168.2.7, 192.168.2.50 and 192.168.2.51. So, it has no incidence normally.

     

    what do you mean by that :

    "Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface."

     

    edit : i do not understand your diagram.

    My dsl modem has this ip: 192.168.1.254

    Why on your diagram the dmz zone is 192.168.1.254 ?

    On the interface of the dsl modem, i declare the dmz IP as 192.168.1.18 (which is the ip of the sophos wan)., which should be good because, this mean all the trafic is forwarded to the wan of the sophos. no ?

     

    i don't understand the virtualhost part.

     

    thanks,

  • 0 in reply to Daniel C

    Daniel,

    We still do not understand your network. Upload a network diagram as Aditya did.

  • 0 in reply to lferrara

    here it is : i don't know if it is more clear....

     

    (yes, there are only 3 IP for the nas, because one NIC is not in use).