Hi
I have spent all yesterday trying to get DNAT working on ASL 2.012 without any success at all.
I have read through several posts and believe I have done all that's required, but it still doesn't work.
Here is my set-up:
2 NICs. One IP bound to the internal NIC, 2 IPs bound to the external NIC.
I originally tried to get these services working on the external NIC's IP alias, but to keep everything simple I am now focusing my efforts on the NIC's real IP.
I am wanting to set up the following services which will all forward to the same server on the internal LAN (I am not using a DMZ):
IMAP configured as a service to TCP port 143 (source 1024:65535)
HTTP configured as a service to TCP port 80 (source 0:65535)
MS Terminal Server configured as a service to TCP and UDP port 3389 (source 0:65535)
I have set up DNAT rules which look like this:
Pre NAT: External IP - IMAP
Post NAT: Internal IP - IMAP
and similar for the other services.
I have also set up packet filters to allow packets from ANY to Internal IP on the IMAP port.
I do not get any messages in the Filter Live Log when this rule is enabled, so I think that is ok. Out of desperation I have also tried accessing these services when the packet filter had everything set to ANY and ALLOW (e.g. no restrictions), but this didn't work either :(
I have set the internal server's IP to be masqueraded onto the external interface. Is this correct? Do I need to do the same for the firewall's IPs?
I have also rebooted many times in case that was the problem.
So what am I doing wrong? I still can't connect to any of these services from outside my LAN.
I am using the SMTP proxy and it works fine from outside the network, along with WebAdmin and SSH - but not my DNAT services.
Any help would be greatly appreciated!
Owen