This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT/SNAT Problem

I have webmail setup on a server at port 81 and I defined a new service:
WMAIL TCP 1024:65535 81

I am trying to route to IP xxx.xxx.xxx.3(fileserver)

I have DNAT/SNAT:
wmail Any -> external (Address) / WMAIL None fileserver

and have tried many packet filter settings including allowing all traffic.

If I setup port forwarding (DNAT/SNAT) using the built in HTTP service as well as SMTP and they work fine. It seems to be an issue with the custom service but I cannot seem to figure out why.

This thread was automatically locked due to age.

Parents

0 Andy_01 over 20 years ago

your packet filter rule has to allow the custom service from any to the fileserver, also make sure the fileserver uses the internal interface of Astaro Security Linux as default gateway.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jason Hughes over 20 years ago in reply to Andy_01

I have all that. Like I said the built in services work fine, but it seems that when I do a custom service it doesn't work. I have setup HTTP and SMTP and both connections work just not ANY of my custom services.
Cancel
Vote Up 0 Vote Down

Cancel
0 cyclops over 20 years ago in reply to Jason Hughes

any logs? Goto Local Logs/Browse, click on 'show support logs' and select mdw.log. Check for 'unknown network' entries related to your definition or the interface definition.

Check if NAT rules and filter settings are applied as supposed to. Go to Packet Filter/Advanced and click on show 'Current System NAT Rules' and show 'Current System Packet Filter Rules'.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel
0 Jason Hughes over 20 years ago in reply to cyclops

I do not see any unknown network errors but there are lots of perl module errors. I also don't see the entries for the packet filter. How do I manually add them or force them to add via the web interface.

Thank you for the help cyclops.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Jason Hughes over 20 years ago in reply to cyclops

I do not see any unknown network errors but there are lots of perl module errors. I also don't see the entries for the packet filter. How do I manually add them or force them to add via the web interface.

Thank you for the help cyclops.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Jason Hughes over 20 years ago in reply to Jason Hughes

Well I found the problem. It had to do with using port 81. My thought is that maybe it can't bind the port due to web admin not being run as root (IE binding any port under 1024). Perhaps there is a way to make that port bind by editing a file?

Anyone have any ideas?
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 20 years ago in reply to Jason Hughes

Could you tell us a little more about the software running on the server you are trying to reach?
OS version, Service packs if it is Windows...
Cancel
Vote Up 0 Vote Down

Cancel
0 Jason Hughes over 20 years ago in reply to SecApp

The issue does not have to do with the server I am running, it has to do with astaro not allowing me to port forward user defined ports below 1024.
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 20 years ago in reply to Jason Hughes

Have you tried telnetting to 81 from outside to see what you get?

You will have to furnish a GET or HEAD command;
search on the web to see how to do this...
Cancel
Vote Up 0 Vote Down

Cancel