This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

simple DNAT to http server, doesn't work

ASL version is 2.0
Problem: trying to do simple connection from outside (internet) to my http server.
defined web server (IP 192.168.0.11), defined outside (24.x.x.x)
doing packet filtering :any,http,web server,http
doing DNAT: outside, http, web server, http

nothing. read faq, they say something about in order to do do it, first you have to packet filter any,any -> outside connection, then from outside,http,web server. tried that, doesn't work.
read that setup of web server in DMZ, my setup is pretty much the same except DMZ, still nothing. of course inside everything works. [:S]

Anyone willing to help me? I'd appreciate it a lot!

Dami

This thread was automatically locked due to age.

Parents

0 elliotf over 23 years ago

A few possibly stupid questions:

1.)  Do you have SNAT or masquerading set up so the replay does not come from the 192.168.x block?
2.)  Is the ASL box the gateway for the http server?
3.)  Did you check the live packet filter log?

Hopefully one of these simple mistakes is your problem.

Elliot F.
Cancel
Vote Up 0 Vote Down

Cancel
0 Dami over 23 years ago in reply to elliotf

Allright...

I disabled masquerading and SNAT totally now.
network diagram:
web server -> ASL -> cable modem
web server has internal address, asl has 2 NICs, one with internal IP and one with external, and cable modem has external.
ASL works as my gateway from internal network to internet, yes. Is this impossible? Then what do I do, I have to have extra box to do just gateway, and leave this just for firewall?

I looked at logs, nothing really suspicious, unless I do not understand it. It shows that I'm doing port scan from my other box (different location), that's about it.
[:S]

Dami
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Dami over 23 years ago in reply to elliotf

Allright...

I disabled masquerading and SNAT totally now.
network diagram:
web server -> ASL -> cable modem
web server has internal address, asl has 2 NICs, one with internal IP and one with external, and cable modem has external.
ASL works as my gateway from internal network to internet, yes. Is this impossible? Then what do I do, I have to have extra box to do just gateway, and leave this just for firewall?

I looked at logs, nothing really suspicious, unless I do not understand it. It shows that I'm doing port scan from my other box (different location), that's about it.
[:S]

Dami
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Dami over 23 years ago in reply to Dami

Did this too:

packet filtering: any,any -> ouside address.
DNAT: outside address, http -> web server, http.

doesn't work.
Do I have to do routing somewhere at this point?
Cancel
Vote Up 0 Vote Down

Cancel
0 elliotf over 23 years ago in reply to Dami

why did you disable masquerading and snat?

also, what kind of machine is your web server? (OS-wise)
Cancel
Vote Up 0 Vote Down

Cancel