Hello,
I have searched many posts and not found one that seems to answer my issue. I did have things working one time and lost the password for the admin account and had to reload the Astaro system. The backup option restores the old password so if you forget it, you are S.O.L. Anyway I have reloaded. I have many of the standard port forwarding working. I can also access my internal web server with the external I.P. from within my network (from behind the firewall).
I am trying to get a port forward set up for a 2nd web server behind the firewall on port 8081.
I get this in the live log for the server:
13:53:30 Default DROP TCP 192.168.2.70 : 45110 → 64.22.199.118 : 8081 [SYN] len=60 ttl=64 tos=0x00 srcmac=00:23:54:82:D0:94 dstmac=00:02:b3:65:7a:f8
13:53:33 Default DROP TCP 192.168.2.70 : 45110 → 64.22.199.118 : 8081 [SYN] len=60 ttl=64 tos=0x00 srcmac=00:23:54:82:D0:94 dstmac=00:02:b3:65:7a:f8
This is what I have set:
The service is defined for 8081
the web servers are defined
under definitions under services:
name: https-8081
type of Def: TCP
Destination port: 8081
Source Port:8081
comment: cpu1-webview-8081
(I have a camera system with web http view set on port 8081)
Network Security
NAT
I tried two rules, one for Full NAT and one for DNAT and had no luck with either. (I understand in order to view internal web server from inside your network you need to use full NAT which works fine for my regular https connection.) I tried to copy my full NAT for my main web server and edit it for the port 8081.
The DNAT/SNAT rule is:
Name: cpu1-webview-8081
No group
Position 7
Traffic source Any
Traffic Service - my http-8081 service definition
traffic destination : external wan address
nat mode: full NAT
Destination cpu1 ( has correct address info already set)
destination service: left blank
Source: external wan address
Source Service: left blank
I am logging initial packets
automatic packet filter rule is unchecked
The 5 default packet filter rules that Astaro made are the only ones there and active ( green)
Again, I have played around between full NAT and DNAT, and am not able to pull a 2nd Internet connection to test with. All neighborhood wireless are locked. I am using the most current version of Astaro with the home version.
I have the ssh on 22, http on 80 and https on 443 port forwarding working just fine for port forwards to servers behind the firewall and can reach them with the external I.P. from internal machines behind the firewall. I must be missing something simple.
Any suggestions, corrections? Would you still do it as FULL NAT? I want to reach these servers by the external I.P. from external or internal machines.
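
Added example, not part of the original post: a small Python parser for live-log entries in the format quoted above. It groups DROP entries by connection 5-tuple and marks flows that are repeated SYNs from an internal (private) address to a public one. The function names and the one-entry-per-line layout are assumptions, and the sample is constructed from the two entries in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the two live-log entries from the post, one entry per line.
ENTRY = ("{t} Default DROP TCP 192.168.2.70 : 45110 → 64.22.199.118 : 8081 [SYN] "
         "len=60 ttl=64 tos=0x00 srcmac=00:23:54:82:D0:94 dstmac=00:02:b3:65:7a:f8")
SAMPLE_LOG = "\n".join(ENTRY.format(t=t) for t in ("13:53:30", "13:53:33"))

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<action>.+?)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+)\s*:\s*(?P<sport>\d+)\s*(?:→|->)\s*"
    r"(?P<dst>[\d.]+)\s*:\s*(?P<dport>\d+)\s*(?:\[(?P<flags>[^\]]*)\])?"
)

def parse_line(line):
    """Return a dict for one live-log entry, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    h, mi, s = map(int, rec["time"].split(":"))
    rec["secs"] = h * 3600 + mi * 60 + s
    return rec

def summarize_drops(text):
    """Group DROP entries by 5-tuple and describe each dropped flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and "DROP" in rec["action"]:
            key = (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
            flows[key].append(rec)
    out = []
    for key, recs in flows.items():
        src, dst = ipaddress.ip_address(key[1]), ipaddress.ip_address(key[3])
        out.append({
            "flow": key,
            "attempts": len(recs),
            "span_secs": recs[-1]["secs"] - recs[0]["secs"],
            # Same 5-tuple, SYN only, seen more than once: the client is
            # retransmitting a connection attempt that never got a reply.
            "syn_retransmit": len(recs) > 1 and all(r["flags"] == "SYN" for r in recs),
            # Private source, public destination: an internal client using the external IP.
            "internal_to_public": src.is_private and not dst.is_private,
        })
    return out
```

On the sample, both entries collapse into one flow: a single connection attempt from 192.168.2.70 to port 8081, retransmitted after 3 seconds and dropped both times.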