Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 2 subscribers
  • Views 4052 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need to route an external IP

nosil
Hi there,

I try to explain my need I have.

First of all, I have an ASG220 with the Firmware 7.405.

What I need to do is, to grant access from an external IP to an internal specific IP address.

Exemple:

AAA.AAA.AAA.AAA is the external IP
BBB.BBB.BBB.BBB is our public (visible) IP address
CCC.CCC.CCC.CCC is the target internal IP address to reach.

How can I configure this, that the person from the A IP address can open a remote session on the C IP address?

I hope that I was clear enough and sorry if this thread already exist.


Thanks in advance

NoSiL


This thread was automatically locked due to age.
Parents
  • 0
    Simply create a new DNAT Rule ("Network Security->NAT->DNAT/SNAT").

    Traffic Source: external host
    Traffic Service:  the service which has to be accessible
    Traffic Destination: External IP of ASG

    NAT mode: DNAT(Destination)
    Destination: internal host
    Destination Service: the service which has to be accessible

    Automatic packet filter rule:  there are as many opinions as Astaro-users....
    yes:  it works, but you do not see the rules in "Network Security-> Packet Filter"
    no: you have to create the PF-rules manually.

    Regards,
    Thomas
  • 0 in reply to tbrandl
    Hi Thomas,

    Thank you for your fast react.

    That is exactly what I did. But it didn't worked.

    The problem is, that the software that need access to the internal server, only attacks the external IP of ASG.

    How can he connect to the server (with internal IP) mentionning the external IP of ASG?

    Do you understand what I mean?


    Many thanks for your help.

    NoSiL
  • 0 in reply to nosil
    Which Port(s) are used for the access?
    Check the packet filter log!

    Did you use auto packet filter?
  • 0 in reply to tbrandl
    I need the following ports to be open:

    3388
    5540:5550
    5611

    I have for test issues opened the port from 3388:5611.

    Yes, the option auto Packet filter rule is activated.
Reply Children
  • 0 in reply to nosil
    tcp or udp? whatever....
    Try/Check:
    Definitions->Services->New service definition.....

    Name:  Servicename
    Type of Definition:  TCP/UDP  (whatever is suitable for you here)
    Destination port: 3388:5611
    Source port: 1:65535

    Then build the DNAT rule with the service assigned above.

    After that: Is it running?  If not, again, what says your packet filter log?

    Regards,
    Thomas