Why can my internal network not access any externally exposed service?

I have NAT and Firewall entries for several services, such as mail server, web server etc. 

I can access these services perfectly from any external network connecting to my WAN port.

But I cannot access any of these services from devices that are inside my LAN.

Example: My phone can get email from the mail server perfectly when it is connected to GPRS, but it cannot when it is connected to my LAN via Wifi.

Can anybody tell me what is wrong?



  • I'm probably over my head and I don't know anything about your network topology. If the servers are resolving internal IPs then internal traffic might not be going through the UTM at all. If it is going through the UTM, then internal LANs will need different firewall rules than external connections.
  • Could be, but how would I allow it?
  • If the servers are on different internal LANs than the clients you will need a policy to allow it.

    ie. A new policy from "Basement Client LAN", Service: FTP, To: FTPServer, Allow.

    It's hard to know more without knowing your network. You probably have a policy allowing traffic from "Internet IPv4" or something similar, to make the outside traffic work. You'll need something similar for LAN1 to LAN2 traffic.
  • Thanks, but that's not it.
    My network is as simple as it gets. Only one LAN, and servers inside that LAN.

    Example:

    Phone outside house (i.e. NO WiFi) -> Internet -> UTM -> My Mail Server (works fine)
    Phone inside house (i.e. WiFi) -> Internet -> UTM -> My Mail Server (doesn't work)

    So, when my phone has a public IP it can get mail from the mail server, but when my Phone has an internal IP (same range as the mail server), it cannot get mail.

  • Hi, Peter, and welcome to the UTM Community!

    This is a classic routing problem. You need either Full NATs for traffic coming from your internal network or split DNS where FQDNs are resolved to internal IPs when connected to the internal network.

    Cheers - Bob
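To make the "classic routing problem" concrete, here is an added model (not from this thread and not Sophos UTM code) of the four situations the replies describe: an outside client, a LAN client using the public address without and with a Full NAT rule, and a LAN client that gets the private address from split DNS. "Full NAT" is taken here to mean DNAT of the public address to the server plus SNAT of the client to the firewall's LAN address, which is how the term is used in the answer above. All IP addresses are constructed documentation ranges and the function names are mine.

```python
"""
Why a LAN client cannot reach its own server through the firewall's
public IP: the server answers the client directly on the LAN, so the
reply never passes back through the firewall and the DNAT is never
reversed. The client sent a SYN to WAN_IP and gets a SYN/ACK from
SERVER_IP, so the TCP stack discards it. Added illustration, not
vendor code; all addresses below are constructed.
"""
from dataclasses import dataclass

WAN_IP = "203.0.113.10"     # firewall's public address (constructed)
FW_LAN_IP = "192.168.1.1"   # firewall's LAN-side address (constructed)
SERVER_IP = "192.168.1.25"  # mail server on the LAN (constructed)
LAN_CLIENT = "192.168.1.50" # phone on WiFi (constructed)
WAN_CLIENT = "198.51.100.7" # phone on GPRS (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def same_subnet(a: str, b: str) -> bool:
    """Crude /24 check: is host b directly reachable from host a?"""
    return a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0]


def reply_source_seen_by_client(syn: Packet, full_nat: bool) -> str:
    """Trace one SYN and the server's SYN/ACK; return the source
    address the client observes on that reply."""
    # Split-DNS case: the client already has the private address and
    # the firewall is not involved at all.
    if syn.dst != WAN_IP and same_subnet(syn.src, syn.dst):
        return syn.dst

    # DNAT rule on the firewall: WAN_IP -> SERVER_IP. With Full NAT the
    # firewall also rewrites the source to its own LAN address.
    forwarded = Packet(src=FW_LAN_IP if full_nat else syn.src, dst=SERVER_IP)

    # The server answers whatever source address it saw.
    reply = Packet(src=SERVER_IP, dst=forwarded.src)

    if reply.dst == FW_LAN_IP:
        # Reply returns to the firewall, which reverses both
        # translations: client sees the SYN/ACK coming from WAN_IP.
        return WAN_IP
    if same_subnet(reply.src, reply.dst):
        # Reply is delivered on the LAN directly, bypassing the firewall:
        # the DNAT is never undone and the client sees SERVER_IP.
        return SERVER_IP
    # Off-subnet destination: reply follows the default route back
    # through the firewall, which reverses the DNAT as usual.
    return WAN_IP


def connection_works(client_ip: str, dns_answer: str, full_nat: bool = False) -> bool:
    """A TCP handshake only completes if the SYN/ACK appears to come
    from the address the client sent the SYN to."""
    syn = Packet(src=client_ip, dst=dns_answer)
    return reply_source_seen_by_client(syn, full_nat) == dns_answer


def scenarios() -> dict:
    """The four cases discussed in the thread."""
    return {
        "phone on GPRS, public DNS":            connection_works(WAN_CLIENT, WAN_IP),
        "phone on WiFi, public DNS, no Full NAT": connection_works(LAN_CLIENT, WAN_IP),
        "phone on WiFi, public DNS, Full NAT":  connection_works(LAN_CLIENT, WAN_IP, full_nat=True),
        "phone on WiFi, split DNS":             connection_works(LAN_CLIENT, SERVER_IP),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:42s} {'works' if ok else 'FAILS'}")
```

The model makes the trade-off visible: Full NAT fixes the symptom but hides the real client address from the server (every internal connection appears to come from the firewall's LAN IP, which matters for mail logs and rate limiting), whereas split DNS keeps the internal path off the firewall entirely and preserves the client address, at the cost of maintaining an internal zone for the same names.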