xg firewall home and nas or any devices on my network

Hi everyone!

So I'm testing XG Firewall on a virtual machine on my NAS.

So I configured it this way:

* my DSL modem (router, Freebox for those who know it) at 192.168.1.254 (no DHCP). DMZ: IP of the Sophos WAN port, 192.168.1.18

* the Sophos XG virtual machine with

192.168.2.1 <= LAN port

192.168.1.18 <= WAN port

DHCP server from 192.168.2.5 to 192.168.2.50

* my NAS: IP: 192.168.2.7

 

I have a domain name, which I pointed to my external IP address (from my network provider, Free).

So, I try to reach my NAS on my network with my domain, but... no luck!

I created a business policy (DNAT, full NAT), as explained in the tutorial, but... it doesn't work. community.sophos.com/.../122976

I tried with HTTPS (on port 44300) and HTTP (port 8080), but it doesn't work.

 

So, did I do something wrong?

What have I forgotten?

Could you please help me?

(Sorry for my English, I'm French :-))



  • Hi Daniel,

    As per my understanding, you wish to communicate with your NAS drive from the WAN (Internet). Why was the DNAT created between 192.168.2.50 instead of 192.168.2.7?

    Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface.

  • Hi,

    My bad. My NAS has 3 IPs: 192.168.2.7, 192.168.2.50 and 192.168.2.51. So, it has no incidence normally.

    What do you mean by that:

    "Also you would need to check if the virtual host is configured the same on the DSL modem and forwarded to XG WAN interface."

     

    Edit: I do not understand your diagram.

    My DSL modem has this IP: 192.168.1.254

    Why is the DMZ zone 192.168.1.254 on your diagram?

    On the interface of the DSL modem, I declare the DMZ IP as 192.168.1.18 (which is the IP of the Sophos WAN), which should be good because this means all the traffic is forwarded to the WAN of the Sophos, no?

    I don't understand the virtual host part.

    Thanks,

  • Daniel,

    We still do not understand your network. Upload a network diagram as Aditya did.

  • Here it is: I don't know if it is more clear....

    (Yes, there are only 3 IPs for the NAS, because one NIC is not in use.)

  • Hi Daniel,

    You need to configure the virtual ethernet on the XG for WAN as NAT. I think the XG WAN interface is bridged. Why I think so is because the traffic from the source PC comes in from the LAN IP address instead of the WAN Interface IP.

    So the interface configuration on the Virtual XG:

    LAN = Bridged

    WAN = NATed

    Thanks

  • Hi,

    Thanks.

    And how do I do that?

    "because the traffic from the source PC comes in from the LAN IP address instead of the WAN Interface IP."

    You said so because of the tcpdump, right?

    But it was normal, since I launched the tcpdump from my LAN.

    Could you explain in detail?

    I repeat, I'm a noob... and a French noob. So sometimes it's quite difficult to understand in English.

  • Does your modem actually support loopback/hairpin NAT? Also, depending on how your modem handles this, you need to add LAN to the allowed zones.

    Change your test client IP to 192.168.1.X and try whether you can access the NAS using Sophos's WAN IP and NATed port.