This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

opening ports

i have the following configuration on my astaro. what i want is allow incoming on the external interface to a computer in the network. i did some search and read the manuals but unfortunatly cant get this working.

eth0: external
eth1: internal

definitions -> network computer_1, ip 192.168.0.2/32

definitions -> services
name: in_ports, protocol tcp/udp, s-port/client 1024:65535, d-port/server 4660:4680

packet filter rule
from any to computer_1, service in_ports, allow

network/MASQ DNAT/SNAT
source address any
destination address eth1, service in_ports,
change dest to computer_1

This thread was automatically locked due to age.

Parents

0 Maurice over 22 years ago

[ QUOTE ]

packet filter rule
from any to computer_1, service in_ports, allow

network/MASQ DNAT/SNAT
source address any
destination address eth1, service in_ports,
change dest to computer_1

[/ QUOTE ]

If I understand correctly, you want to allow ports 4660:4680 from any source, to reach a computer_1 in your protected network. If this is correct, then your problem is the quoted above.

First, you should create a rule that allows the service in_ports on the external IP, ETH0 in your case, and NOT the internal IP.

Then, you should apply the DNAT/SNAT to match:
source any
destination eth0
service in_ports
change dest to computer_1

This means you are routing any connection on the desired ports from the external IP of the ASL box to the computer inside your network.

You should therefore initiate a connection from outside to the EXTERNAL ETH0 IP and ASL will allow the connection and route it to the internal computer.

What you did is routing the internal IP to itself therefore the connection was rejected in first place by eth0 when it reached to it.

Good luck
Maurice
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Maurice over 22 years ago

[ QUOTE ]

packet filter rule
from any to computer_1, service in_ports, allow

network/MASQ DNAT/SNAT
source address any
destination address eth1, service in_ports,
change dest to computer_1

[/ QUOTE ]

If I understand correctly, you want to allow ports 4660:4680 from any source, to reach a computer_1 in your protected network. If this is correct, then your problem is the quoted above.

First, you should create a rule that allows the service in_ports on the external IP, ETH0 in your case, and NOT the internal IP.

Then, you should apply the DNAT/SNAT to match:
source any
destination eth0
service in_ports
change dest to computer_1

This means you are routing any connection on the desired ports from the external IP of the ASL box to the computer inside your network.

You should therefore initiate a connection from outside to the EXTERNAL ETH0 IP and ASL will allow the connection and route it to the internal computer.

What you did is routing the internal IP to itself therefore the connection was rejected in first place by eth0 when it reached to it.

Good luck
Maurice
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 orhan over 22 years ago in reply to Maurice

ive tried your config too but no success.
actually im trying to get emule working. ive did some search on the bb. i tried every configuration but without success. still getting low id. and if i test the connection i get the following
your IP is within a private range (unknown), something seems to be wrong !??
http://www.thedonkeynetwork.com/connection_test

in emule runs in Low id.
Cancel
Vote Up 0 Vote Down

Cancel
0 ezekiel over 22 years ago in reply to orhan

I get the same result from the eDonkey link you posted but I can still get a high id from eMule. See my Post on how to set up eMule. It works.
Cancel
Vote Up 0 Vote Down

Cancel