Update 24 hours later...
Could this be a licensing issue? I have a home use license. With a home use license on 5.202 can you host a web server? I had no problem doing this under 4.0xx.
I have stripped all the configuration out of the 5.202 version (see below) and started from scratch. The private network going to the Internet works fine.
I have a web server on my private network at 192.168.0.50. I want to make this visable to the Internet at 206.176.130.51. (My firewall is .50)
So, I set up an additional address on ETH1 (my public NIC).
I add a DNAT rule to translate dest. addr to the private address for the webserver. Then add a packet filter rule to allow any HTTP traffic from anywhere to hit the public side of the server. (according to Astaro docs that is really supposed to be the private side of the server. But running live log, shows the destination port as the public address so I guess the conversion happens after the PF?...)
Anyway, the weird part is Live log shows packets from my public range hitting the firewall. Live Log does not show any traffic from the internet. My Internet connection is good because my internal LAN has no trouble browsing etc...
The next step is Ethereal...
Original Post:
I have been running ASL 4.xx (whatever the lates rev was) for several years. I built a new firewall machine and put ASL 5.200 on it. I moved all my rules into place by backing up old machine and importing backup to the new machine.
Everything worked correctly under old machine.
Now, my public servers: web server, DNS server, etc... can be accessed from my Public IP range, but not from anywhere else on the Internet.
Example:
ASL Firewall: Public Side 206.176.130.50 Private Side 192.168.0.1
On my internal network I have a web server at 192.168.0.50, The public address for this is 206.176.130.51
On the firewall, I created an interface alias on ETH1 (public NIC) as 206.176.130.51/255.255.255.240
I created a NAT rule: Any -> N200-Public / HTTP DST Translate to N200-Private
In the packet filter rules I have Any -> N200-Private Allow
To test, I plugged a laptop into the public side of my network, pointed a browser to http://206.176.130.51, the page renders.
When I go to a server I own out on the Internet (69.30.x.x) and try to load the web page, it times out. I have not been able to determine if it is the sending or return packet that is lost.
PF Live Log does not even show the traffic, so I don't think is a PF problem.
Does anyone know how to debug this?
addendum: on the webserver, I ran tcpdump -lq port http. tcpdump could "see" activity when loading browser from my internal network and from my public range. tcpdump did not register anything when I tried to access this from the remote internet site. I believe that the packets from the Internet are never hitting the internal machine.
The packet filter does not show any activity with the remote site IP address.
This thread was automatically locked due to age.
