Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2278 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT Problem ping only works

bxxp
Hello,

astaro 3.212

I'm trying configure outlook web access:

here is my configuration

DNAT
source: any
service: any (for testing)
Destination: virtual server (DMZ) CHANGE exchange server (LAN)
Destination service no change

Rule: allow any virtual server (DMZ) (for testing)

and now I have only one problem ;-)

ping and tracert works, but this is all. I can not connect any other service.

any help would be great!!

thanks
bxxp


This thread was automatically locked due to age.
Parents
  • 0
    I think this is the service any entry, I might be wrong but there is a bell ringing...
  • 0 in reply to Andy_01
    Originally posted by bxxp:
    Hello,

    astaro 3.212

    I'm trying configure outlook web access:

    here is my configuration

    DNAT
    source: any
    service: any (for testing)
    Destination: virtual server (DMZ) CHANGE exchange server (LAN)
    Destination service no change

    Rule: allow any virtual server (DMZ) (for testing)

    and now I have only one problem ;-)

    ping and tracert works, but this is all. I can not connect any other service.

    any help would be great!!

    thanks
    bxxp
    Both your packet filter rule and the DNAT rule has to address what you are wanting to do. I understand you want to come into your network from the outside to use the web access feature of MS Exchange server? right? Well then you DNAT is any-->firewall-->service:LDAP(389 or ?? SSL) srce:no chnge dest:XCHGESRV -->service:no chge
    Your packet filter rule must allow connect thru on LDAP or SecureLDAP port on the firewall and the service:LDAP and point to the Xchge server??
  • 0 in reply to Jadal
    new configuration
    DNAT rules
    sourceaddress: any
    sourceservice: http, https, ldap
    destinationaddress: dmz_host CHANGE exchange
    destinationservice: no change

    rules
    allow http, https, ldap -> dmz_host
    allow http, https, ldap -> exchange

    the same thing: ping/trace works, but no other service.

    any idea?
  • 0 in reply to bxxp
    it works!

    don't ask why.

    I have deleted all rules and hosts and started new from the beginning.

    In my opinion I did nothing else then before, but now it works.

      
Reply Children