This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT to DNAT should this work?

Hi all!

Great product ASTARO!!! I managed to install ASL and works beautiful. Now my problem; I have setup two firewalls ASL-A and ASL-B and want to access a Web-Server on that is behind ASL-A from ASL-B (both servers are on the WAN).  If I use ISP (like AOL) Dial-UP connection I can access my Web-Server behind ASL-A with out any problems, however if I try to access it from behind ASL-B it doesn't work.  I can do everything else form behind ASL-B but connect to ASL-A.  I have used DNAT to connect to Web-Server.

1.  This connection doesn’t work for me
IE 5.5---ASL-B ----- WAN ----- ASL-A---WEBSERVER port:80

2. But this works no problem
IE5.5(AOL) ----- WAN ----- ASL-A---WEBSERVER port:80



What has to be done to get this working?

Your help will greatly appreciated!
Thank you in advance

Jarek

[ 02 October 2001: Message edited by: Jarek ]
Hi Again!  [:S]
Maybe this will help you guys.  This is the error message I get when I try to access the WebServer:

While trying to retrieve the URL: http://www.domainname.net/

The following error was encountered:

Connection Failed
The system returned:

    (113) No route to host
The remote host or network may be down. Please try the request again.

Thanks,
Jarek

[ 03 October 2001: Message edited by: Jarek ]

This thread was automatically locked due to age.

Parents

0 ClausP over 23 years ago

Hi,

why you are using double DNAT ? ;-)

>1. This connection doesn’t work for me IE.5---ASL-B ----- WAN ----- ASL-A---WEBSERVER port:80

ASL B = simple masquerading (dynamic IP from AOL)

This should work very well. But it is possible that you get with every DOD a new IP Adress from AOL.

The problem with the message "no route to host" could be a good example for the reason above.

It seems that the default gateway is not correct set. Reason for this could be dynamic IP by AOL (hostroute).

claus

[ 04 October 2001: Message edited by: ClausP ]
Cancel
Vote Up 0 Vote Down

Cancel
0 Jarek over 23 years ago in reply to ClausP

Hi Claus!

Thank you for reply! I think I have explained my situation the wrong way.  I am going explain it again.

1. ASL-B is a firewall that I have at home and is working great for me. I have setup Webserver that works just fine.

2. ASL-A is a firewall that is setup at my friend.  And is working great as well.

So we are physically in the different locations, different IP addresses, Subnet Mask, and Default Gateways.  Both computers are using Cable Modems.  Now if my friend tries to access my webserver he can't, he is getting the message

"While trying to retrieve the URL: http://www.domainname.net/

The following error was encountered:

Connection Failed
The system returned:

(113) No route to host
The remote host or network may be down. Please try the request again. "

- if my friend uses AOL and wants to access my webserver he has no problem - everything works for him.

If there is anything that I have not explained, please let me know but that's what I have and I think it should work.  And I am sorry about the confusion about the DNAT to DNAT I must have been tired and made a mistake.   [:)]y ASL-B Server has the DNAT setup for the Webserver and that's all.

Thank you again,
Jarek

[ 04 October 2001: Message edited by: Jarek ]
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 23 years ago in reply to Jarek

Hi Jarek,

do you already tried the traceroute command to see where it stops ?

I would try a static route on ASL-A to your IP adress.

Maybe your ISP does not allow access between 2 or more cable modems in his network ?

In my opinion it looks like there's is a static route missing for the destination (your www) and ASL-A. Maybe possible ?

claus
Cancel
Vote Up 0 Vote Down

Cancel
0 Jarek over 23 years ago in reply to ClausP

Hi and Thank you!

This is what I have done from my friends PC via his firewall ASL-A.

I have tried the tracert command and if I try for example "tracert www.altavista.com" I will get the rout to Altavista no problem. However if I try it to my domain it will only show me the firewalls IP (ASL-A) and that's all. I am not sure what that means since I am not familiar with IP on that level but I will listen to commends and suggestions.

My firewall (ASL-B) behaves the same way if I try the "tracert" command, I can do it on other websites but not on my friends domain. I have also tried this, I have bypassed the firewall and connected my PC directly to modem and this way my friend was able to access my web server and use the tracert command (He was going via his firewall).

- I am not familiar with the static route setup, could any one please show me an example?

Thank you again,
Jarek
Cancel
Vote Up 0 Vote Down

Cancel
0 Jarek over 23 years ago in reply to Jarek

Well thank you for all your help!!

I have found out my problem. I have setup my friends firewall Gateway IP address the same as the external network IP address (I am amazed that it still worked) . Once I have realized what was wrong I have changed it to a proper IP address and everything is working, as it should. Once again I have to say Astaro is working great and I am looking forward for new implementations like DHCP client in this package. For now, thank you Claus!

Jarek

[ 10 October 2001: Message edited by: Jarek ]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Jarek over 23 years ago in reply to Jarek

Well thank you for all your help!!

I have found out my problem. I have setup my friends firewall Gateway IP address the same as the external network IP address (I am amazed that it still worked) . Once I have realized what was wrong I have changed it to a proper IP address and everything is working, as it should. Once again I have to say Astaro is working great and I am looking forward for new implementations like DHCP client in this package. For now, thank you Claus!

Jarek

[ 10 October 2001: Message edited by: Jarek ]
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data