Okay - so maybe someone needs to just point me to Astaro for Dummies, but I'm having difficulties. I am a long time Novell BorderManager user, so perhaps I just need more of a primer on terminology, but I'm having some difficulties!
This morning I tried to switch over my system to the Astaro Security Gateway, and I just couldn't seem to get it to work. There were three main services that if I could get them up and running I could handle the pain of learning the rest, but one of those two services just wasn't cooperating.
Server 1's (192.168.100.235) most important external functions are hosting an SMTP server and web server.
Server 2's (192.168.100.228) most important external function is our primary DNS server.
I got all of the configuration done for Server 1 first - here's what I did:
Under Interfaces, I have added the additional public IP addresses that correspond to these two servers. We'll just call them external1 and external2.
Under Networks, I defined hosts for the private IP addresses - we'll call them internal1 and internal2.
Under packet filters, I defined an Any SMTP to internal1
Under NAT I defined a DNAT for Any SMTP to external1 to internal1 SMTP
Under NAT I defined an SNAT from traffic source internal1 SMTP to any for external1 SMTP
Email was flowing in just fine, and any email out that was going to a "known" destination by the server (i.e., in the transport table), was also going out, but no DNS was working, since the server has our internal DNS server defined, and it wasn't working (see below).
For server 2 I did pretty much the exact same thing as above:
Under packet filters, I defined an Any DNS to internal2
Under NAT I defined a DNAT for Any DNS to external2 to internal2 DNS
Under NAT I defined an SNAT from traffic source internal2 DNS to any for external2 DNS
Didn't work - got log entries like this:
2007:11:15-07:50:37 (none) ulogd[2789]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" dstmac="00:11:11:bd:d4:49" srcmac="00:0c:29:c3:a0:3b" srcip="192.168.100.228" dstip="192.168.100.225" proto="17" length="69" tos="0x00" prec="0x00" ttl="128" srcport="53" dstport="32786"
Astaro is 192.168.100.225
So, I'm a bit lost.
As I say, maybe some better understanding of terminology might help. If you do a packet filter in Astaro, is it by default what BorderManager would call a "stateful" filter? I got desperate and tried a packet filter to allow ALL traffic from internal2 to any, but that didn't seem to help either. Is it just because it's DNS and it's getting routed to the Astaro DNS server somehow and getting confused?
Thanks! I have a few other questions, but they will come in a different thread!
Danita
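Added example, not part of the original post: a small Python reader for the packet-filter log entry quoted above, which decodes the key="value" fields and labels what kind of packet was dropped. The function names and note labels are hypothetical, and the "reply-shaped" check is a heuristic based only on the port numbers in the entry.

```python
import re

# Sample entry taken from the post, trimmed of the MAC/TOS/TTL fields.
SAMPLE = (
    '2007:11:15-07:50:37 (none) ulogd[2789]: id="2001" severity="info" '
    'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
    'fwrule="60001" initf="eth0" srcip="192.168.100.228" '
    'dstip="192.168.100.225" proto="17" length="69" '
    'srcport="53" dstport="32786"'
)

KV = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_entry(line):
    """Split one log line into its timestamp and key="value" fields."""
    fields = dict(KV.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    proto = fields.get("proto")
    fields["proto_name"] = PROTO.get(proto, proto)
    return fields


def describe_drop(fields, firewall_ip):
    """Return notes about a dropped packet (heuristic, ports only)."""
    notes = []
    sport = int(fields.get("srcport", 0))  # absent for ICMP entries
    dport = int(fields.get("dstport", 0))
    # Source port 53 with a high destination port looks like a DNS
    # answer going back to a client, not a new query to a server.
    if fields["proto_name"] in ("udp", "tcp") and sport == 53 and dport >= 1024:
        notes.append("dns-reply-shaped")
    # The packet is addressed to the firewall's own IP, not through it.
    if fields.get("dstip") == firewall_ip:
        notes.append("addressed-to-firewall")
    return notes


if __name__ == "__main__":
    entry = parse_entry(SAMPLE)
    print(entry["timestamp"], entry["srcip"], "->", entry["dstip"],
          entry["proto_name"], entry["srcport"], "->", entry["dstport"])
    print(describe_drop(entry, firewall_ip="192.168.100.225"))
```
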