Hi again. Just wanted to report that this issue has been resolved. Change of the NICs and a new install solved at least my issue.
/rune

rune2001 wrote:
>
> Thanks Peter, for the reply and for trying to help.
>
> My firewall is NOT behind any NAT device.
> Server has default gateway/route of the GREEN interface on my endian
> firewall (192.168.0.1), exactly as it was with my previous IPCop
> installation.
>
> RED IP-Address: 81.170.184.116 (ETHERNET DHCP)
> GREEN IP-Address: 192.168.0.1
> Webserver on Green: 192.168.0.10
>
> Below is the information that you requested:
> -----------------------------------------------------------------------
> iptables -t nat -vnL
> -----------------------------------------------------------------------
> Chain PREROUTING (policy ACCEPT 240K packets, 13M bytes)
>  pkts bytes target            prot opt in   out  source         destination
>     0     0                   all  --  *    *    0.0.0.0/0      0.0.0.0/0      state RELATED,ESTABLISHED
>  240K   13M CUSTOMPREROUTING  all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M OPENVPNCLIENT     all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M ENACCESS          all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M SIPROXDPORTFW     all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M CONTENTFILTER     all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M SQUID             all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M DNSMASQ           all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  240K   13M PORTFW            all  --  *    *    0.0.0.0/0      0.0.0.0/0
>
> Chain POSTROUTING (policy ACCEPT 206 packets, 25428 bytes)
>  pkts bytes target            prot opt in   out  source         destination
>  234K   13M CUSTOMPOSTROUTING all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  234K   13M REVERSENAT        all  --  *    *    0.0.0.0/0      0.0.0.0/0
>  234K   13M REDNAT            all  --  *    *    0.0.0.0/0      0.0.0.0/0
>   207 25472 POSTPORTFW        all  --  *    *    0.0.0.0/0      0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 79 packets, 11713 bytes)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain CONTENTFILTER (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain CUSTOMPOSTROUTING (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain CUSTOMPREROUTING (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>     4   208 SMTPSCAN          tcp  --  *    *    0.0.0.0/0      0.0.0.0/0      tcp dpt:25
>
> Chain DNSMASQ (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain ENACCESS (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain OPENVPNCLIENT (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain PORTFW (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>     0     0 DNAT              tcp  --  *    *    0.0.0.0/0      81.170.184.116 tcp dpt:80 to:192.168.0.10:80
>     0     0 DNAT              udp  --  *    *    0.0.0.0/0      81.170.184.116 udp dpt:53 to:192.168.0.10:53
>     0     0 DNAT              tcp  --  *    *    0.0.0.0/0      81.170.184.116 tcp dpt:53 to:192.168.0.10:53
>
> Chain POSTPORTFW (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>     0     0 SNAT              tcp  --  *    *    192.168.0.0/24 192.168.0.10   tcp dpt:80 to:192.168.0.1
>     0     0 SNAT              udp  --  *    *    192.168.0.0/24 192.168.0.10   udp dpt:53 to:192.168.0.1
>     0     0 SNAT              tcp  --  *    *    192.168.0.0/24 192.168.0.10   tcp dpt:53 to:192.168.0.1
>
> Chain REDNAT (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>   104  5765 SNAT              all  --  *    eth1 0.0.0.0/0      0.0.0.0/0      to:81.170.184.116
>
> Chain REVERSENAT (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>     0     0 SNAT              tcp  --  *    eth1 192.168.0.10   0.0.0.0/0      tcp dpt:80 to:81.170.184.116
>     1    75 SNAT              udp  --  *    eth1 192.168.0.10   0.0.0.0/0      udp dpt:53 to:81.170.184.116
>     0     0 SNAT              tcp  --  *    eth1 192.168.0.10   0.0.0.0/0      tcp dpt:53 to:81.170.184.116
>
> Chain SIPROXDPORTFW (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain SMTPSCAN (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> Chain SQUID (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>
> -----------------------------------------------------------------------
> iptables -vnL PORTFWACCESS
> -----------------------------------------------------------------------
>
> Chain PORTFWACCESS (1 references)
>  pkts bytes target            prot opt in   out  source         destination
>     0     0 ACCEPT            tcp  --  eth1 *    0.0.0.0/0      192.168.0.10   tcp dpt:80
>     0     0 ACCEPT            udp  --  eth1 *    0.0.0.0/0      192.168.0.10   udp dpt:53
>     0     0 ACCEPT            tcp  --  eth1 *    0.0.0.0/0      192.168.0.10   tcp dpt:53
>
> -----------------------------------------------------------------------
>
> Again, thanks for any help with this!
>
> Regards
>
> rune
>
> -----------------------------------------------------------------------
>
> Peter Warasin wrote:
>>
>> hi
>>
>> normally it is one of the following issues:
>>
>> # Endian Firewall is behind a NAT device
>>
>> Endian Firewall is behind another device which does NAT, like a router
>> or another firewall which does not allow connections going through the
>> device directly to the firewall.
>>
>> You can solve this by configuring a port forwarding also on that device to
>> the Endian Firewall's RED ip.
>>
>> # Server has wrong default gateway
>>
>> The Server to which the portforwarding should go has configured a wrong
>> or no default gateway. Connections will be directed to the target ip
>> address but since there is a wrong default gateway, packets will not be
>> directed through Endian Firewall.
>>
>> If both do not apply, please log into your box and send us the output of:
>> iptables -t nat -vnL
>> iptables -vnL PORTFWACCESS
>>
>> please provide also your red ip address and the ip address of the server
>> you want to forward to.
>>
>> peter
>>
>> rune2001 wrote:
>>> Seems like there are others out there that have the same problem...
>>> I have this problem too, it worked perfectly with my old IPCop
>>> installation.
>>> I would like to solve the problem instead of changing back to IPCop.
>>> As I have seen several people having the same issue, it seems like the
>>> problem is real.
>>>
>>> Is there any way for a "non-linux-guru" to do some error checking?
>>> I have checked the "iptables -L PORTFWACCESS" and it shows nothing
>>> wrong.
>>>
>>> Please help us Obi-Wan, you are our only hope!
>>>
>>> Regards
>>> rune
>>>
>>> Mircea Draghici wrote:
>>>> I have just updated my endian box to efw 2.1 and port forwarding is not
>>>> working. I looked in the iptables and the portforward chain seems to be
>>>> correct but I cannot access any of the ports I have opened. Does anyone
>>>> have any ideas on what can I do to get this going? I have stopped all
>>>> other services, rebooted the machine and still cannot get anything up.
>>>> Any help would be greatly appreciated.
>>>>
>>>> all the best,
>>>>
>>>> ~mircea
>>>>
>>>> _______________________________________________
>>>> Efw-user mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>> --
>> :: e n d i a n
>> :: open source - open minds
>>
>> :: peter warasin
>> :: http://www.endian.it :: [EMAIL PROTECTED]

--
View this message in context: http://www.nabble.com/-Efw-user--help%3A-efw-2.1-port-forwarding-not-working-tf2940548.html#a9260050
Sent from the efw-user mailing list archive at Nabble.com.
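
An added example, not part of the original thread: a small Python parser for the two listings Peter asks for, which pairs each PORTFW DNAT rule with its PORTFWACCESS ACCEPT rule and reports the rule's packet counter. The listings are excerpts of the output posted above with wrapped rows rejoined; the function names and field names are this example's own.

```python
import re
# Excerpts of the listings posted in the thread, wrapped rows rejoined.
NAT = """\
Chain PREROUTING (policy ACCEPT 240K packets, 13M bytes)
 pkts bytes target prot opt in out source destination
    0     0        all  --  *  *   0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain PORTFW (1 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT   tcp  --  *  *   0.0.0.0/0 81.170.184.116 tcp dpt:80 to:192.168.0.10:80
    0     0 DNAT   udp  --  *  *   0.0.0.0/0 81.170.184.116 udp dpt:53 to:192.168.0.10:53
"""
ACCESS = """\
Chain PORTFWACCESS (1 references)
 pkts bytes target prot opt in   out source    destination
    0     0 ACCEPT tcp  --  eth1 *   0.0.0.0/0 192.168.0.10 tcp dpt:80
    0     0 ACCEPT udp  --  eth1 *   0.0.0.0/0 192.168.0.10 udp dpt:53
"""

def parse_rules(listing):
    """Return {chain: [rule, ...]} from `iptables -vnL` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
            continue
        if len(f) > 3 and f[3] == "--":  # no target printed: fields shift left
            f.insert(2, "")
        if current is not None and len(f) >= 9:
            current.append({"pkts": f[0], "target": f[2], "proto": f[3],
                            "dst": f[8], "extra": " ".join(f[9:])})
    return chains

def audit_forwards(nat_listing, access_listing):
    """Pair each PORTFW DNAT rule with its filter ACCEPT and hit counter."""
    allowed = set()
    for r in parse_rules(access_listing).get("PORTFWACCESS", []):
        m = re.search(r"dpt:(\d+)", r["extra"])
        if r["target"] == "ACCEPT" and m:
            allowed.add((r["proto"], r["dst"], m[1]))
    findings = []
    for r in parse_rules(nat_listing).get("PORTFW", []):
        m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", r["extra"])
        if r["target"] == "DNAT" and m:
            findings.append({"forward": f"{r['proto']}/{m[1]} -> {m[2]}:{m[3]}", "hits": r["pkts"],
                             "accept_rule": (r["proto"], m[2], m[3]) in allowed})
    return findings
```

A DNAT counter that is still 0 after a test connection from outside suggests the traffic never reached the rule on the firewall, while a non-zero counter with no working connection points at the forwarded server or its default gateway. Counters restart when the rules are reloaded, so read them right after the test.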
