Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2512 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web server access from internet: Why doesn't this work?

jasperf
Hi,

I am trying to figure out why I am not able to reach the web server behing my UTM9 (Home) Firewall. Everything appears to be setup correctly, but I keep receiving "...could not open the page because the server stopped responding." I can reach the web server internally, but when I try to reach it over the internet, it doesn't want to work.


My setup:

internet -> W723V (VDSL) -> UTM9.100.16 -> web server

Port forwarding is being done on the W723V and I am able to reach the webadmin without any problems. I'm probably missing something very small [:S] and it's frustrating.

The connection is reaching the webserver (see packets coming in using tcpdump on the webserver). I've tried practically every solution here in the portal without success :frown:.

Any help would be greatly appreciated.

THank you.

jasperf

Here is the NAT Rule

Position: 2
Rule Type: DNAT
Matching Condition
For traffic from: Any
Using service: HTTP
Going to: Freeman-Ext (WAN) (Address)
Action
Change the destination to: NASBD636B


And the service to: HTTP
Automatic Firewall rule NO
Comment:
Advanced
Log initial packets YES

The RULESET

ANY ->HTTP->WebServer

This is what I am seeing in the logs.

2013:06:06-16:36:26 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:26 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:27 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:29 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:29 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:30 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:30 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:33 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:36 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:38 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"


This thread was automatically locked due to age.
Parents
  • 0
    Hi ,

    The example you show it's a full NAT.
    Use a regular NAT from external interface to the internal server and check the box automatic packet filter rule.
    Make sure your internal LAN in masqueraded to the external interface WAN.
    This should do the work.

    All my best .

    Gilipeled
Reply
  • 0
    Hi ,

    The example you show it's a full NAT.
    Use a regular NAT from external interface to the internal server and check the box automatic packet filter rule.
    Make sure your internal LAN in masqueraded to the external interface WAN.
    This should do the work.

    All my best .

    Gilipeled
Children
No Data