This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reaching my public IP's outside firewall.

DannyBoy2042 over 12 years ago

I have a 1/2 a class C static IP's from my ISP.  I am currently using the ASG220 device.  I have a 1GB fiber connection from ISP that runs to my public facing switch.  I have a link that goes from that to the wan port on the ASG.

I have a few devices I want to attach to the public switch to bypass the ASG.  I can set a static to these devices and they work great for the outside world but I cannot reach them from my internal network.

On my DMZ port of the ASG I have several servers that are NAT'ed with additional IP's that work just fine I can reach internally and externally.  The only issue is devices I have directly hooked into my public facing switch.  Any suggestions and/or tips? [:S]

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

fwrule="60002" means the default drop is out of the FORWARD chain which seems strange to me. It seems that Barry's intuition was spot on - the trick is that a DNAT won't work for this situation, only a Full NAT above the DNAT would work (with the new source being "External (Address)"). I would have expected a SNAT or masq rule to be used for this traffic though, probably along with a /32 for the public IP on External.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 12 years ago

Hi,
Try disabling all NATs except for outbound SNATs or MASQ.

If you can't do that, please post screenshots of all the NAT and MASQ settings.

Barry
Cancel
Vote Up 0 Vote Down

Cancel