
Port forward to web server

I have a website published on IIS as HTTP on port 8888.

I added it as a Web Server, created a business role and added an authentication method.

I can access the website on the new port 8887 from LAN; when I tried to access the website using the public IP from WAN, it didn't work.

I tried to create a DNAT for the new port but still face the same problem.

Regards,

Peter Zaher 



  • Hi Aditya,

    Here is the tcpdump:

    console> tcpdump 'port 8888 or port 8886 or port 8887'
    tcpdump: Starting Packet Dump
    21:51:40.692412 Port1, IN: IP 10.10.3.101.21855 > x.x.x.x.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:40.794167 Port1, IN: IP 10.10.3.101.21856 > x.x.x.x.8886: Flags [S], seq 69424576, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:41.044866 Port1, IN: IP 10.10.3.101.21857 > x.x.x.x.8886: Flags [S], seq 1433312481, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:43.692415 Port1, IN: IP 10.10.3.101.21855 > x.x.x.x.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:43.794659 Port1, IN: IP 10.10.3.101.21856 > x.x.x.x.8886: Flags [S], seq 69424576, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:44.044946 Port1, IN: IP 10.10.3.101.21857 > x.x.x.x.8886: Flags [S], seq 1433312481, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:51:49.692797 Port1, IN: IP 10.10.3.101.21855 > x.x.x.x.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    21:51:49.794194 Port1, IN: IP 10.10.3.101.21856 > x.x.x.x.8886: Flags [S], seq 69424576, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    21:51:50.045069 Port1, IN: IP 10.10.3.101.21857 > x.x.x.x.8886: Flags [S], seq 1433312481, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    21:52:06.844075 Port1, IN: IP 10.10.3.101.21871 > x.x.x.x.8886: Flags [S], seq 1675063050, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:52:07.195710 Port1, IN: IP 10.10.3.101.21872 > x.x.x.x.8886: Flags [S], seq 1460055637, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:52:09.843587 Port1, IN: IP 10.10.3.101.21871 > x.x.x.x.8886: Flags [S], seq 1675063050, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    21:52:10.196683 Port1, IN: IP 10.10.3.101.21872 > x.x.x.x.8886: Flags [S], seq 1460055637, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    ^C
    13 packets captured
    13 packets received by filter
    0 packets dropped by kernel

  • Hi Peter,

    As per the logs you have posted, could you verify whether the WAN port is Port1 or 2? Also, the request came from the LAN users; could you elaborate on the issue while connecting from WAN or from LAN?

    If the connection is from LAN and if the server is in the DMZ zone, could you check if there is a LAN to DMZ rule?

  • Hi Aditya,

    The problem occurs from WAN and LAN, with the same dump. The server is located in LAN; I don't have a DMZ.

    Regards,

  • Hi Peter,

    Got it. Is there a LAN to LAN rule with NAT applied? I suspect that the local loopback rule is missing.

  • Hi Aditya,

    I got it, I just split the firewall role into LAN - WAN and it is working fine now.

    Regards,
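
Added example, not part of the original thread: a small Python parser for capture lines in the format posted above that groups SYNs by flow, counts retransmissions, and lists which interface/direction pairs appear at all. The sample lines are constructed, and `203.0.113.10` is a documentation address assumed in place of the redacted public IP.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the capture posted above. 203.0.113.10 is
# a documentation address standing in for the redacted public IP (assumption).
SAMPLE = """\
21:51:40.692412 Port1, IN: IP 10.10.3.101.21855 > 203.0.113.10.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:51:40.794167 Port1, IN: IP 10.10.3.101.21856 > 203.0.113.10.8886: Flags [S], seq 69424576, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:51:43.692415 Port1, IN: IP 10.10.3.101.21855 > 203.0.113.10.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:51:49.692797 Port1, IN: IP 10.10.3.101.21855 > 203.0.113.10.8886: Flags [S], seq 2424152625, win 8192, options [mss 1460,nop,nop,sackOK], length 0
"""

# One capture line: timestamp, interface, direction, src.port > dst.port, flags.
LINE = re.compile(
    r"^\s*(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>[\w.]+)\.(?P<sport>\d+) > (?P<dst>[\w.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]")


def analyze(capture):
    """Return unanswered SYN flows and every (interface, direction) seen."""
    syns = defaultdict(list)   # (client, cport, server, sport) -> timestamps
    answered = set()           # flows for which a SYN-ACK ([S.]) came back
    seen = set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue           # banner, ^C, packet counters
        seen.add((m["iface"], m["dir"]))
        if m["flags"] == "S":
            syns[(m["src"], m["sport"], m["dst"], m["dport"])].append(m["ts"])
        elif m["flags"] == "S.":
            # A SYN-ACK travels server -> client, so reverse it to the SYN's key.
            answered.add((m["dst"], m["dport"], m["src"], m["sport"]))
    unanswered = [
        {"flow": flow, "syn_count": len(ts), "retransmits": len(ts) - 1}
        for flow, ts in syns.items() if flow not in answered
    ]
    return {"unanswered": unanswered, "interfaces": sorted(seen)}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    for item in result["unanswered"]:
        print("no SYN-ACK:", item)
    # Only ('Port1', 'IN') means nothing was forwarded out or answered.
    print("interfaces seen:", result["interfaces"])
```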