Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1090 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OK so why won't this work ?? yet another noob question

neill
hi y'all

yet another noob/amateur who can't get his shiny new industrial strength firewall to work ! [:)] 

new installation of astaro v6 as follows

dsl modem/router - static internal IP 192.168.10.1
no DHCP server
external static IP from ISP. DSL connection is up and good

astaro eth0 (internal) - static IP 192.168.0.100/255.255.255.0: gateway no
connected to switch thence to LAN PCs 
astaro eth 1 (external) - static IP 192.168.0.200/255.255.255.0: gateway 192.168.10.1 (ie the router)

astaro DHCP server to LAN
range 192.168.0.10 - 25 /255.255.255.255.0
interface : internal
gateway/DNS: 192.168.10.1

single packet filter rule (for the time being)
source/service/action/destination
internal (network)/any/allow/any

NAT/masq
internal(network) -> all/all MASQ_External

definitions (auto generated)
external address 192.168.0.200  - up
external  network 192.168.0.0/24 - up
internal address 192.168.0.100 - up
internal network 192.168.0.0/24 - up
(not sure i understand this last bit)

cannot for the life of me see why that doesn't work - but i can't get online through astaro

so what stoopid noob mistake am i making ?? [:S] 

anybody ??

neill


This thread was automatically locked due to age.
Parents
  • 0
    Your external IP should be 192.168.10.x not 0.x

    and the Internal Gateway /DHCP setting should be the IP of the ASL INT interface, 192.168.0.100

    BTW, future things (such as allowing incoming traffic) will be easier if you can put the DSL modem into bridge mode instead of router mode.

    Barry
  • 0 in reply to BarryG
    Yes, Astaro works best with the modem setup in Bridge mode, with the external interface on ASL set to connect via PPPoE. (or PPPoA if that's what your ISP uses).
  • 0 in reply to Simon Shaw
    thanks i'll try that later when i get home from work

    i originally put the router on a different subnet to the external IP because when i was using Smoothwall that was how it was done if you wanted to see the router fron the green (internal) interface

    also why bridging mode ? i don't doubt you at all i'm just interested as to why 


    neill
Reply
  • 0 in reply to Simon Shaw
    thanks i'll try that later when i get home from work

    i originally put the router on a different subnet to the external IP because when i was using Smoothwall that was how it was done if you wanted to see the router fron the green (internal) interface

    also why bridging mode ? i don't doubt you at all i'm just interested as to why 


    neill
Children
  • 0 in reply to neill
    "Double NATting" is incompatible with some protocols... expect some real problems with IPSEC tunnels, even with NAT-T turned on, for example.  If you really want to leave your DSL Modem in router mode, set the astaro to bridged mode... NATting twice should be avoided.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Cookie Information Banner