Why can my internal network not access any externally exposed service?

I have NAT and Firewall entries for several services, such as mail server, web server etc. 

I can access these services perfectly from any external network connecting to my WAN port.

But I cannot access any of these services from devices that are inside my LAN.

Example: My phone can get email from the mail server perfectly when it is connected to GPRS, but it cannot when it is connected to my LAN via Wifi.

Can anybody tell me what is wrong?



  • Thanks Bob! The Full-NAT option works! However that is a lot of redundant work (making 2 rules for every port you want to 'open').

    The DNS option would be better, but then one should also be able to specify a port. If my domain is used to reach a server, depending on the port, it goes to different servers. Is that possible?

    Cheers,
    Peter
  • Hi Peter,
    Could you be more specific on the way you implemented your solution? I have a Full NAT and DNAT in place for my scenario but I am still at a loss for getting it to work internally via hostname rather than IP??? Racking my brain on this because according to the documentation it should be much easier than it has been. Any help would be greatly appreciated.
  • Hi Jaison,

    I've got this:

    Position 1
    Full NAT
    Traffic selector: Internal (Network) -> IMAP SSL -> External (WAN) Address
    Source translation: Internal (address)
    Destination translation: Mail Server
    Automatic Firewall rule: V

    Position 2
    DNAT
    Traffic selector: Any -> IMAP SSL -> External (WAN) Address
    Destination translation: Mail Server
    Automatic Firewall rule: V

    Mail Server is on 192.168.1.20

    Good luck!
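
Why the DNAT rule alone fails for LAN clients while the Full NAT rule at position 1 fixes it, as an added example that is not part of the original thread: a small Python model of the two rules above. The WAN address, the firewall's internal address, the /24 LAN and the client addresses are constructed, and the mail server is assumed to use the firewall as its default gateway.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed "Internal (Network)"
FW_INTERNAL = "192.168.1.1"          # assumed "Internal (Address)"
FW_WAN = "203.0.113.10"              # constructed "External (WAN) Address"
MAIL_SERVER = "192.168.1.20"         # from the post
IMAPS = 993                          # IMAP SSL

# The two rules from the post, in position order; the first match wins.
FULL_NAT = {"name": "Full NAT", "src": LAN, "dst": FW_WAN, "port": IMAPS,
            "new_src": FW_INTERNAL, "new_dst": MAIL_SERVER}
DNAT = {"name": "DNAT", "src": ip_network("0.0.0.0/0"), "dst": FW_WAN,
        "port": IMAPS, "new_src": None, "new_dst": MAIL_SERVER}


def translate(src, dst, port, rules):
    """Return (rule name, src, dst) after the first matching NAT rule."""
    for r in rules:
        if ip_address(src) in r["src"] and dst == r["dst"] and port == r["port"]:
            return r["name"], r["new_src"] or src, r["new_dst"]
    return None, src, dst


def reply_source_seen_by_client(client, rules):
    """Source address on the server's reply as it arrives at the client."""
    rule, seen_src, server = translate(client, FW_WAN, IMAPS, rules)
    if rule is None:
        return None  # no rule matched, nothing was forwarded
    # The server answers the source address it saw. If that is a LAN host
    # other than the firewall, the reply is delivered directly on the LAN,
    # bypasses the firewall, and the destination NAT is never reversed.
    if ip_address(seen_src) in LAN and seen_src != FW_INTERNAL:
        return server
    # Otherwise the reply goes back through the firewall, which restores
    # the WAN address as the reply's source.
    return FW_WAN


def connection_works(client, rules):
    # The client connected to FW_WAN and drops replies from any other address.
    return reply_source_seen_by_client(client, rules) == FW_WAN


if __name__ == "__main__":
    for label, rules in (("DNAT only", [DNAT]), ("Full NAT + DNAT", [FULL_NAT, DNAT])):
        for client in ("198.51.100.7", "192.168.1.50"):  # external, internal
            print(f"{label:16} {client:14} works={connection_works(client, rules)}")
```

With DNAT only, the internal client receives the reply from 192.168.1.20 instead of the WAN address it connected to, so the connection never completes.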