Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1207 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dnat. what did I forget or do wrong?

psychorugger
In my colo facility I have three webservers (obviously all with different ip addresses) and they each have their own external ip obviously.  For some reason, I can't get inbound traffic to route to my servers, but outbound is quick as hell.  Can you help?

I have the virtual IPs of the webservers defined to the external NIC.

internal nic: 10.x.x.x  255.255.255.0
external nic: 216.x.x.x 255.255.255.224
web03_nic: 216.x.x.x 255.255.255.224
etc.

internal network definition for webserver:
web03_internal  10.x.x.x  255.255.255.255

Currently, Packet filter rule is:
Any Any Any Allow

Packets to match:
Source: Any  Destination: web03_if  Service:  http

change to source: none
change to destination: web03_internal  service: none

What did I miss there?????

psychorugger   


This thread was automatically locked due to age.
  • 0
    First of all you're allowing everyone from the net to access ANY service in your systems! Not a good idea. If you're serving port 80 or HTTP, specify it explicitly.

    Second, test one system at a time. Alleviates troubleshooting.

    Third, you need to DNAT/SNAT appropriately. It seems like you're missing the "Change destination to:"

    your_webserver -> HTTP(80)


    There are many bad people out there who constantly scan for open ports. I'd suggest you secure your systems immediately.

    I hope that helps.

    jav
       
  • 0 in reply to javelin
    you know what else is helpful?  setting up routing tables.  [:)] woke up.  

    as for the any any any allow poicy, my computer wasn't on the internet yet.  it was a test intranet environment i set up using crossover cables.  so it was all good.  i'm up and kicking like a speed daemon now.  woohoo!  [:)]

    (knock on wood)

    by the way, javelin was my nickname in my college rugby team because i used to drive people in the ground head first.  i'm kind of crazy that way.  [:)]

    thanks again for your help.

    psychorugger