Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 2 subscribers
  • Views 1278 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Webserver DNAT issue with outgoing http Traffic

heckpiet
Hi Everyone,

I'am going crazy with this issue. Maybe some one of you can help me.

Let me explain my Szenerio:

I got a ASL ASG 110 Box. Behind this Box is my Debian Webserver.
I created a Rule within the Packet Filter to allow Traffic on Port 80 into the Webserver.

The next thing what I did is to create a DNAT Rule to enable Traffic from my External NIC (Internet) into my Internal Websever. 

Now i can reach the Webserver via my External Adress but if i try to browse the internet from my Webserver I dont get any replies. Browsing from the Webserver to https sites are working fine.

After I disable my DNAT rule I'am able tp browse the web via http and https from the webserver.

Any ideas ?? 

I attached the screenshots from my DNAT and Packet Filter rule.

thanks

Piet


This thread was automatically locked due to age.
Parents
  • 0
    Your DNAT rule needs to have "External (Address)" in 'Traffic destination'.  It presently directs ALL traffic back to your server instead of just the traffic from the outside world.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi thanks for the hint - but If I change my DNAT Rule, I'am able to browse the web with the Webserver but my DNAT Rule to access the Website from the outside world is no more woking.

    Any other ideas ??
  • 0 in reply to heckpiet
    Again, the 'Traffic destination' must be "External (Address)" and you can leave 'Destination serrvice' empty because you arent changing that.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob,

    thanks again for your replay.

    Now I changed the the DNAT Rule but now My Webserver is no more accessable from the outside world.

    Any Ideas ?

    do I have to create a second DNAT Rule ?

    Thanks

    Peter
  • 0 in reply to heckpiet
    Helo Peter,

    must be:

    'Traffic Source' -> 'ANY'
    'Traffic Service' -> 'HTTP'
    'Traffic Destination' ->  'EXTERN'

    'Destination' -> 'C3MA-SRV3'
    'Destination service' -> 'HTTP'

    'Automatic packet filter rule' -> 'ON'
  • 0 in reply to Kestutis
    Correct, but you can leave 'Destination service' blank because that is not being changed.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Kestutis
    Correct, but you can leave 'Destination service' blank because that is not being changed.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Cookie Information Banner