
Routing services (iSCSI, Samba, TimeMachine) from DMZ- to WiFi-Zone

Hello community,

I'm new to HW firewalls, but the XG125 is great. It looks like I have to understand some basics, and I want to first open all services and afterwards (after understanding) close the doors at the firewall!

One simple question from my side. Please see the attached sketch.

I have a MacBook connected to the WiFi zone and a NAS in the DMZ zone. I opened everything that I could configure to make traffic transparent. I can ping all devices in the different segments from the MacBook without problems. I can log in to the firewall and also to the NAS from the MacBook. So far so good.

But I do not get any Samba shares in my Finder, no SAN share, nor can I make a backup through TimeMachine. The configuration of all those services on the NAS is correct.

What basics are missing in my thoughts? Can you please advise? Is something suppressing those services? Do I need to explicitly make a rule to let something go through?

Regards, Frank

 



  • Hi Ian,

    OK, understood. This is how it looks now. After rebooting the device, there are still no services from the NAS available. The gateway is selected to be port2. This port is connected to the WAN router.

    Any idea?

    Regards, Frank

  • Hi Frank,

    The Time Machine backup and NAS access do not use standard web ports; you will need another rule which does not have any web functions, because the web functions invoke the proxy.

    Ian

  • Hi Ian,

    It's like Christmas to me. I added TCP port 3260 to the main firewall rule and my connection to the SAN service works. Great!

    Now I'm investigating how to open UDP 5353, because this is the Bonjour discovery for TimeMachine.

    Searching for answers on the Internet, it looks like I have to create a business application rule and try the complex DNAT/FullNAT/... menu. Looks horrible.

    Thanks a lot, Ian for showing me the way.

    Regards, Frank
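
The symptom in this thread (ping crosses the zones, the NAS services do not) can be narrowed down per port from the client side. The following is an added example, not part of the original thread: it probes the TCP service ports and separates a silently dropped connection from a port with no listener. Only port 3260 comes from the thread; ports 445 (SMB) and 548 (AFP) are the standard defaults and are assumed, and the NAS address is a placeholder.

```python
import socket

# Only 3260 (iSCSI) is stated in the thread. 445 (SMB) and 548 (AFP) are
# the standard default ports and are an assumption about this NAS.
SERVICE_PORTS = {"iSCSI": 3260, "SMB": 445, "AFP": 548}


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt from the client zone.

    open     - handshake completed: firewall rule and service are both fine
    refused  - a reset came back: the path is open but nothing listens there
               (a firewall rule that rejects with a reset looks the same)
    filtered - no answer before the timeout: typical of a firewall drop
    error:.. - any other failure, e.g. no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error: %s" % (exc.strerror or exc)


def check_services(host, ports=SERVICE_PORTS, timeout=2.0):
    """Probe every named service port and return {name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


if __name__ == "__main__":
    # Placeholder address (documentation range); replace with the NAS IP.
    NAS = "192.0.2.10"
    for name, state in check_services(NAS).items():
        print("%-6s tcp/%-5d %s" % (name, SERVICE_PORTS[name], state))
    # Bonjour discovery on UDP 5353 is multicast, not a TCP service, so a
    # connect test like this one cannot show whether it crosses the firewall.
```

A result of "filtered" on a port while ping succeeds points at a missing or non-matching firewall rule for that port rather than at the NAS configuration.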