NAT n00b

Hi,

after 5 installations of asl i am now ready configuring my network... (there were some problems with my switch, etc... nothing to do with asl...)

i tried to add some test rules, but through none of this i get a connection to the internet from a client machine.  [:(]

i want to:
all local requests on port 80 should be forwarded...
all incomming requests on port 80 should be forwarded to 172.30.1.10:80
same on port 21 to 172.30.2.5:21

i added a rule like:
nat requests from 172.30.2.5 to Any on every service. at the client machine (172.30.2.5, Windows XP) i inserted the default gateway (172.30.0.1) ... nothing happens...  [:(]

whats wrong? maybe someone will help a little firewalling newbie...

thanks

Parents

0 Resistance over 23 years ago

what version you using?

once you setup the rules you gotta setup a DNAT function

let me know what version I will give you an example if needed

[ 16 March 2002: Message edited by: Resistance ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Thomas Anderson over 23 years ago in reply to Resistance

its the new beta 3.040 with a pppoe connection on the second NIC...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Polluxxx over 23 years ago in reply to Thomas Anderson

Hi Thomas,
just give us a brief explanation of your setup.

Did you enable Masquerading at the Nat Settings?

something like:

LAN Any Any

Source to: Masq on eth2

kind regards
Polluxxx
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Thomas Anderson over 23 years ago in reply to Polluxxx

k. the firewall is running on 172.30.0.1 and i turned the gateway off (at the definition of the ethernet devices)...

i added a rule for my test client (172.30.2.5) like:

Private Network 172.30.0.0 -> internet / All   MASQ__dsl0   None
All -> Any / All   MASQ__dsl0 None
172.30.2.5 -> internet / All   MASQ__eth0   None
Private Network 172.30.0.0 -> Any / All   MASQ__dsl0

my definition of 'internet' is ip: 0.0.0.0 subnet: 0.0.0.0 (same as Any)


quote:

Did you enable Masquerading at the Nat Settings?

can't see a option like 'enable' in the NAT / Masquerading settings...   [:S]

thanks 4 help

[ 16 March 2002: Message edited by: Thomas Anderson ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Thomas Anderson over 23 years ago in reply to Polluxxx

k. the firewall is running on 172.30.0.1 and i turned the gateway off (at the definition of the ethernet devices)...

i added a rule for my test client (172.30.2.5) like:

Private Network 172.30.0.0 -> internet / All   MASQ__dsl0   None
All -> Any / All   MASQ__dsl0 None
172.30.2.5 -> internet / All   MASQ__eth0   None
Private Network 172.30.0.0 -> Any / All   MASQ__dsl0

my definition of 'internet' is ip: 0.0.0.0 subnet: 0.0.0.0 (same as Any)


quote:

Did you enable Masquerading at the Nat Settings?

can't see a option like 'enable' in the NAT / Masquerading settings...   [:S]

thanks 4 help

[ 16 March 2002: Message edited by: Thomas Anderson ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Thomas Anderson over 23 years ago in reply to Thomas Anderson

no one out there who can help me?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Thomas Anderson over 23 years ago in reply to Thomas Anderson

*push*

i need help anymore... tried adding some firewall rules, but couldn't get a connection...

please help
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Otter over 23 years ago in reply to Thomas Anderson

Under the Network - NAT/Masqerading Section:

-----
Packets to Match
Src: Protected_network   Dst: Any   Svc: Any
-----
Change SOURCE to: ::MASQ on 'external interface'::

This will Masqerade your internal Protected_network on the external firewall interface.  This will replace the internal src address with a publicly reachable address so that destinations have a valid address to respond to...

Hope this helps!  [:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Polluxxx over 23 years ago in reply to Otter

hi there,

try to remove all rules
Private Network 172.30.0.0 -> internet / All MASQ__dsl0 None
All -> Any / All MASQ__dsl0 None
172.30.2.5 -> internet / All MASQ__eth0 None
Private Network 172.30.0.0 -> Any / All MASQ__dsl0

except of the first one.

Make sure on all you client pcs behind the firewall have their default gateway set to the firewalls internal interface.

Add a packetfilter rules Private Network 172.30.0.0 Any Any ACCEPT, activate it and you should be set.

hope that helps,
kind regards

Polluxxx
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel