This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

You would think it's obvious but...

You ever have one of those days where you feel like a dumbass? Anyway... I'm running a server which hands out encryption keys.

I have a filter rule to allow any client on this port with the address of the keyserver (which is a private address BTW, so would I use the external interface address instead? I tried this and no joy.)

Also I have a SNAT/DNAT rule for any source with a destination of the external interface using this service
does not change the source, changes the destination to the keyserver and does not change the service.

From what I can tell this should work but when I try to access it, nada. I've read the manual and searched around the boards and feel I've done what they suggest. So I must defer to the brain on this one.
Oh and for what it's worth I have a MASQ rule set up for inside the ASL and that works fine.

TIA

This thread was automatically locked due to age.

Parents

0 Simon Shaw over 22 years ago

Try packet filter to allow traffic to Red as well as the private IP.

Have you looked at the packet filter live log when trying to access the server ?
Cancel
Vote Up 0 Vote Down

Cancel
0 RichH over 22 years ago in reply to Simon Shaw

Ok, I tried that and there is nothing in the live log when I try to connect. So that would tell me that there is no prob with the filter rule. I think? So it kinda must be a NAT issue.

I have one NAT rule to forward from anwhere-->external_interface /keyserver to forward to the private IP of the box.

And another to forward any-->PrivateLAN/Keyserver forward to private IP
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RichH over 22 years ago in reply to Simon Shaw

Ok, I tried that and there is nothing in the live log when I try to connect. So that would tell me that there is no prob with the filter rule. I think? So it kinda must be a NAT issue.

I have one NAT rule to forward from anwhere-->external_interface /keyserver to forward to the private IP of the box.

And another to forward any-->PrivateLAN/Keyserver forward to private IP
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Simon Shaw over 22 years ago in reply to RichH

Sounds like your packet filter rules are OK then.

You should have one MASQ rule for the servers LAN.

ServerLAN -> All/All MASQ_ExtInterface None

And another rule to forward packets from the ExtInterface to the server box.
Such as:

KeyServer Any->ExtInterface/KeyServerServiceDefintion None KeyServerIP

That should be all that's required.
Cancel
Vote Up 0 Vote Down

Cancel
0 RichH over 22 years ago in reply to Simon Shaw

Ok - here's what I'm currently using:

Filter rule:
Any Keyserver External_Interface__ Allow

I get nothing in the live log when I try to connect.

NAT: DNAT/SNAT:
Keyserver   Any -> External_Interface__ / Keyserver   None   Keyserver

Still I am unable to connect from outside the network.
Thanks everyone for your assistance.

Rich
Cancel
Vote Up 0 Vote Down

Cancel
0 cschmit over 22 years ago in reply to RichH

Go to this thread. ASL Beating me up I had the same problem and it was solved now...
Cancel
Vote Up 0 Vote Down

Cancel
0 RichH over 22 years ago in reply to cschmit

Up and running!!! Alrighty then!

Thanks a bunch to everyone!!!!!!!
Cancel
Vote Up 0 Vote Down

Cancel