Hi, this is a complete list of ports: http://www.iana.org/assignments/port-numbers. Create the networks you need and then allow them in the packet-filter rules. Hope this helps. Ciao. No war but peace
I believe your HTTP server is using a fixed IP; then you have to define its IP on Astaro under "Definitions >> Networks" with 255.255.255.255 as the netmask.
In "Networks >> NAT/MASQD", you create a DNAT with any name of your choice and NAT from External Network to External_interface with HTTP as the service. Then select the HTTP IP you defined earlier as the destination address. Then your Packet Filter should work.
So your DNAT/SNAT should look like:
Source: External_Network
Destination: External_Interface
Service: HTTP
Change destination to: HTTP_Server_IP
1) Astaro is installed with how many NICs, 2 or 3?
2) Is it not the ADSL router that is to be connected directly to the Internet? Then why does it have an unpublicized IP of 10.0.0.2?
3) The public IP given to you by your ISP, is it not to be configured on the ADSL router?
4) What range of IPs are you using for your Internal_Network and DMZ?
5) Can you at present get to the Internet the way your configuration is?
ao
[04 October 2002, 13:49: Message edited by: ao]
1 - On my Astaro I have 2 NICs.
2 - The ADSL router is connected directly to the Internet, my ISP gives me my public IP (80.65.226.54), and the ADSL router has an internal IP for administrative features (10.0.0.2).
3 - Between my ADSL router and Astaro the network range is 10.0.0.0/255.255.255.0, and behind Astaro the network range is 192.168.0.0/255.255.255.0.
4 - I do not have a DMZ, since my HTTP server is my Primary Domain Controller, so it must be in my private LAN (192.168.0.0) and not in a DMZ.
I repeat my configuration:
Private LAN (192.168.0.0/255.255.255.0) --> (Internal: 192.168.0.1) ASTARO (External, but not public: 10.0.0.2) --> (Internal: 10.0.0.1) Router ADSL (External Public Address: 80.65.226.54)
My configuration is somewhat different since I am using a dynamic IP on a cable modem. However, what I can say is that there is no way the firewall is seeing the existence of your Internet public IP, and no NATing is being done since external requests go to 80.65.226.54.
So I will suggest 2 options:
Option 1) Define a network called "Internet_Interface" (80.65.226.54/255.255.255.255) on the firewall. Then change your NATing to:
NAME: HTTP Server
Source Address: Any
Destination Address: Internet_Interface (80.65.226.54/255.255.255.255)
Service: HTTP
Change Source To: No Change
Change Destination To: ZOOSRV (192.168.0.2)
Service Destination: No Change
Leave packet filter as it is.
Option 2) Define networks called "Internet_Interface" (80.65.226.54/255.255.255.255) and "Internet_Network" (80.65.226.54/NM given to you by your ISP) on the firewall. Then change your NATing to:
NAME: HTTP Server
Source Address: "Internet_Network" (80.65.226.54/NM given to you by your ISP)
Destination Address: Internet_Interface (80.65.226.54/255.255.255.255)
Service: HTTP
Change Source To: No Change
Change Destination To: ZOOSRV (192.168.0.2)
Service Destination: No Change
and Packet Filter:
From (Client): "Internet_Network" (80.65.226.54/NM given to you by your ISP)
Service: HTTP
To Server: ZOOSRV (192.168.0.2)
Action: Allow
Let me know if it works.
You did not say if you are able to access the Internet with your present configuration.
[04 October 2002, 16:10: Message edited by: ao]
I should believe that the configuration is already secured. The whole idea of using NAT is to redirect requests on one system to another, and hide your internal network.
Since your webserver will be responding to the public IP on your router, then it is only that IP that is being seen from outside.