Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 10672 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website hosted in a LAN server

Juan David Arango

Hi dear community,

Today I'm bringing a odd situation, a server located in the LAN below the XG Firewall is hosting a webpage. Currently, when I try to access it through the Internet it works perfectly and everyone can reach it. But, when a PC in the LAN below XG Firewall (same LAN from the server) try to access the webpage, it doesn't load. Same problem happening with a Cyberoam configuration.

Is there a business rule configured is redirecting the port 80 and 443.

Thanks for your attention!



This thread was automatically locked due to age.
  • 0

    Juan,

    change the source from WAN to ANY and try again.

    Regards

  • 0 in reply to lferrara

    Should I uncheck NAT or reflexive rule?

    Still without working.

    I will try creating an specific rule just for the LAN requests.

  • 0 in reply to Juan David Arango

    Hi,

    In the packet capture for the desktop inside the LAN I can see packets are incoming but never forwarded for the Webserver.

    Any idea?

    Thanks.

  • 0 in reply to Juan David Arango

    i was experiencing this exact issue.

    our webserver could serve up the pages across the internet perfectly, but attempting to access them internally was not bringing up a page.

    i went into the rule i set up in our XG 135 firewall, changed the routing rule at the bottom of page.

    i checked the "Rewrite Source Address (Masquerading)" and set the option to MASQ.

    and BINGO! i can access our websites across the internet and also from within!

     

    I Hope this is helpful!

  • 0 in reply to Elisha Spicer

    Just another solution in case of use to someone

    Not as simple as the one stated above but does bypass the firewall altogether

    (whether bypassing firewall is a good idea or not is your decision)

    but generally internal PC's are less a security concern and it does free up firewall resources

    And you can limit access to the server from internal PCs by omitting the entry in hosts

     

    You can add an entry to the hosts file on each PC that needs access to the internal server.

    i.e. create a route on each PC

    the hosts file on Win10 is in C:\Windows\System32\drivers\etc

    You can read the hosts file but you can not write directly to it so you have to save it to your documents after making the change.

    Then copy and paste it from within windows explorer

     

    The entry in hosts takes the form:

    XXX.XXX.XXX.XXX    www.mywebserver.com      # XXX.XXX.XXX.XXX is the LAN ip address of your server

     

    ==========================

    but the best solution in my mind is to put the server in the DMZ and add a route on the firewall from the LAN to the DMZ