My configuration is very simple, an Astaro SW 6.202, two NICS, eth0 is Internal, eht1 is external (DHCP).
Everything has been working fine since installation, no problems at all.
I have a web server in my internal network (192.168.0.100/24), the server is listening on a non-standard TCP port (4000), because my ISP will block TCP packets directed to port TCP 80.
So, I want to publish my web server to the internet.
This is what I do:
I create a Network definition: web server (host) 192.168.0.100
I create a service definition: HTTP non standard: TCP 4000
I create a DNAT rule: from ANY to Internet (adress) Service: HTTP non standard ------> change destination to web server.
BEFORE i create the necesary packet filter rule, I open the packet filter live log and ask a friend on the internet to browse the ip and port like this
http://MY_EXTERNAL_IP:4000
According to what I understand, DNAT rules are applied BEFORE packet filter, so in the packet filter live log I should see something like this:
EXTERNAL_IP_ADRESS_OF_FRIEND PORT XXXX -> 192.168.0.100 (my internal web server, since the DNAT rule should be applied by now) PORT 4000.
Instead I see the same thing but i see my external IP adress instead of 192.168.0.100, so I presume DNAT rule is NOT working.
I've tried changing the DNAT rule, I've changed ANY (in source) to NO MATCH, with the same results... [:(]
I have IPS on, and in the Advanced IPS definitions I have my internal webserver listed in the webservers selection box, and HTTP non standard as the HTTP service.
Did I do something wrong?
Thanks in advance.
ps: I had ISA Server before ASG and I was able to publish my internal web server with no problems at all.
This thread was automatically locked due to age.
