First off, apologies if this has been posted before. I'm using ASG v8 and have a single IP. This is a fresh ASG install with just a couple of other DNAT rules for RDP access. I have created a DNAT rule as follows: Traffic selector: Any -> HTTP -> External (WAN) (Address) Destination translation: -> HTTP Auto PF rule: checked Visiting my WAN address remotely correctly NATs to the web server. Trying to visit the WAN address internally does not. All of my previous experience is with Juniper SSGs and WatchGuards, and they typically work in this configuration. Any ideas would be great! Thanks!

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT Port 80 - cannot access internally by WAN IP

First off, apologies if this has been posted before.

I'm using ASG v8 and have a single IP. This is a fresh ASG install with just a couple of other DNAT rules for RDP access.

I have created a DNAT rule as follows:

Traffic selector: Any -> HTTP -> External (WAN) (Address)
Destination translation: -> HTTP
Auto PF rule: checked

Visiting my WAN address remotely correctly NATs to the web server. Trying to visit the WAN address internally does not.

All of my previous experience is with Juniper SSGs and WatchGuards, and they typically work in this configuration. Any ideas would be great!

Thanks!

This thread was automatically locked due to age.

0 BAlfson over 14 years ago

Hi, and welcome to the User BB!

First, before addressing your question, a hint about using DNATs in Astaro. It's a good habit to not fill in a field (address or service) that doesn't change. In the case of a single-port service, there's no problem, but if you use a service group in the service translation, the DNAT won't work.

There are two different ways to do what you want, DNS or full NAT. Search in the Astaro KnowledgeBase on: internal server.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 yruoc over 14 years ago in reply to BAlfson

I've tried playing around with it and I still don't seem to be able to make it work. I'm not using any service groups. I have an internal web server (with a private IP) that I want the ASG to direct HTTP traffic to based on my WAN IP. Currently, if I try to visit my WAN IP internally, it doesn't redirect to the web server I have a DNAT configured for. This matters for DNS. I don't want to set my internal DNS as authoritative for the domain name.

To reiterate, visiting http:// remotely forwards to the web server, but visiting http:// internally doesn't.

I really appreciate any help!
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 14 years ago

You don't need to make your internal DNS authoritative... you can put a static DNS entry in Astaro, or edit your HOST files on your PCs.

Another option is to put the webserver in a DMZ.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 x-cimo over 14 years ago in reply to BarryG

Full NAT is working for me.
Cancel
Vote Up 0 Vote Down

Cancel
0 yruoc over 14 years ago

Thanks, BarryG. That's probably what I'm going to do, I just wanted to accomplish it via NAT through my ASG. I just didn't want to have to make duplicate entries on my internal DNS (with private IP).
Cancel
Vote Up 0 Vote Down

Cancel
0 yruoc over 14 years ago in reply to x-cimo

What do I fill in for the fields in Full NAT?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

What happened when you tried the Full-NAT as described in the KnowledgeBase article I referenced above?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 yruoc over 14 years ago in reply to BAlfson

The first support article I found didn't work.

I found another support article that described how to configure Full NAT and it works!

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

Cool. I'd rather ask good questions than give the answers.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel