This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT without internal DNS

I was told to edit the hosts file on the PC's om my network to fix a problem with DNAT.... but my problem is that from outside the network I cant see my webserver.... The hosts file entry will solve this problem? What about if all the PC's on my network are off? Will I still be able to see the webserver from other locations in the world?
--------------------------------------------------------------------------------

This thread was automatically locked due to age.

Parents

0 Orjan Sandland over 23 years ago

That sounds rather strange.... AFAIK, everything related to DNAT uses IP addresses, not FQDNs.
Regarding your webserver, first you need to define the webserver in Definitions|Networks with a host specific netmask (ip-address, netmask 255.255.255.255)
Then you have to set up a dnat (remember that the pre dnat network must be defined and be the network on the firewall outside).
Finally you have to set up a packet filter rule that allows the HTTP protocol from ANY to the webserver.

Hope this helps.

Best regards,
Ørjan Sandland
Cancel
Vote Up 0 Vote Down

Cancel
0 xtech over 23 years ago in reply to Orjan Sandland

Here is my actual setup:

Firewall Ext: a.b.c.151
Firewall Int: 10.10.10.1
Firewall Gateway: Provided by ISP company

Webserver: 10.10.10.10
Netmask: 255.255.255.255
Gateway: 10.10.10.1

DNAT rules: Firewall Ext - http - webserver - http

Filter Rules: Any - http - webserver - alow.
Cancel
Vote Up 0 Vote Down

Cancel
0 Orjan Sandland over 23 years ago in reply to xtech
I found something here...

In your DNAT rule, you have set PRE DNAT network to be the external INTERFACE, and not the NETWORK.

It may be a typo, but keep in mind that packets will come from the external network (between you and your provider) and not from the Interface itself.
If Firewall Ext is a network definition - forget the above :-). If it is not, you need to define the network.

I have done it like this:

If this doesn't help, I'm not sure what's wrong. Perhaps you should move the packet filter rule for http to the top of the list - if it's not there already.

Good luck and best regards,
Ørjan Sandland
--
Better, faster, cheaper - choose any two [;)]

[ 05 December 2001: Message edited by: Ørjan Sandland ]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Orjan Sandland over 23 years ago in reply to xtech
I found something here...

In your DNAT rule, you have set PRE DNAT network to be the external INTERFACE, and not the NETWORK.

It may be a typo, but keep in mind that packets will come from the external network (between you and your provider) and not from the Interface itself.
If Firewall Ext is a network definition - forget the above :-). If it is not, you need to define the network.

I have done it like this:

If this doesn't help, I'm not sure what's wrong. Perhaps you should move the packet filter rule for http to the top of the list - if it's not there already.

Good luck and best regards,
Ørjan Sandland
--
Better, faster, cheaper - choose any two [;)]

[ 05 December 2001: Message edited by: Ørjan Sandland ]
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data