Hi, Ive been able to get Destination NAT working for my local http server, however when I try to access the website from with-in the GREEN network then it does not work. Any ideas?
<ANY>:80 ---(NAT)---> 192.168.1.10:80 <ANY>:443 ---(NAT)---> 192.168.1.10:443 Vikash. At 05:59 AM 18-11-09, Zola wrote: >Hi! > >its dosen't matter where use. > >Some simple example: > >DNAT: >incoming connection from internet to PUBLIC IP address http port. >(your http server in your network with PRIVATE ip address) >Connection: 195.x.x.x(client from internet,source) to >PUBLICIP(destination) TCP 80 > >rule: Source(ALL client in the world) Target(your UPLINK or RED) >Service/Port TCP/80 Translate to 192.168.1.2(youe PRIVATE webserver) > >after "translation" looks like this: >195.x.x.x(client from internet,source) to 192.168.1.2(destination) TCP 80 > >You see DNAT translate destination address. > > >SNAT: >example(last time i set similar rule..) you have Special VPN router in >DMZ, the default GW not endian, the device forward all packages to GW >when try to reach 192.168.0.x network. the device only known >172.16.0.x is a LAN. >GREEN: 192.168.0.x >ORANGE: 172.16.0.x endianip: 172.16.0.1 > >You try to connect your client >Connection: 192.168.0.2(source) to 172.16.0.2(VPNrouter,destination) >http port. >You cant connect, because 172.16.0.2 sent packages to 192.168.0.2 via >own other gateway. > >rule: Source(192.168.0.2 or GREEN) Destination(172.16.0.2) >Service/Port TCP/80 Translate to 172.16.0.1(your endian IP) > >after "translation" looks like this: >172.16.0.1(source) to 172.16.0.2(destination) TCP 80 > >Now, VPNrouter able to sent back packeges ( endian translate ip back >to original source) and you receive on your client. > > >i hope that helps. > > >Zola > > >2009/11/16 jonas kellens <jonas.kell...@telenet.be>: > > http://docs.endian.com/firewall.html > > > > This the documentation, but I must say it is very brief ! > > > > Still don't know if I need Destination NAT or Source NAT. Both are offering > > the NATting of a public IP-address to a private IP-address. > > > > If I'm running a webserver, Source NAT will offer me the ability to > > portforward incoming traffic on my public IP-address to the private address > > of the webserver. > > The documentation even states "Adding Source NAT rules is similar to adding > > port forwarding rules" > > > > In my opinion Destination NAT goes a little bit further. The documentation > > states : > > "It is possible to define which port on which interface should be forwarded > > to a given host and port". > > > > So here I can even implement a port-forwarding rule from the GREEN network > > to the ORANGE network. So if I state that port 80 needs to be forwarded to > > the webserver on the ORANGE network I will be unable to browse websites on > > the public Internet. > > > > So am I right that Source NAT is port forwarding from RED to > GREEN or ORANGE > > ?? > > And am I right that Destination NAT is port forwarding from whichever > > network to whichever network ?? (GREEN to GREEN, GREEN to ORANGE, GREEN to > > RED, ORANGE to GREEN,...) > > > > Really need some clarification here !! > > > > Jonas. > > > > On Thu, 2009-11-12 at 21:30 +0000, oneforall immortal wrote: > > > > Hi > > I have the same problem too with this weird split tabs . > > I'm just about to give up and use 2.2 again since it made more sense > > I'm trying to get incoming port 587 to redirect to my mail box on the > > lan(green) but I see in the /var/log/messages it is getting INPUT:DROP > > But I have <ANY Uplink>(tried Uplink main [RED]) 192,168,1,2 Allow with > > ips(tried ALLOW) > > User defined TCP 587 Translate to ip nat 192.168.1.2 port 587 > > It was so much easier the old way . I even tried the incomimng ,which I > > thought should be it since its an incomimg port I want to redirect. But > > neither allows you to say what the incoming port is . I don't think we > > really want it to be any . I also can't tell the diff with Destination NAT > > and Incoming routed traffic. The names are a bit misleading . > > The help also isn't working : > > Not Found > > The requested URL /2.3/en/firewall.html was not found on this server. > > Apache/2.0.52 (CentOS) Server at docs.endian.com Port 80 > > Some new things look really good. But I need my incoming email to work :) > > Also this eamil system is so darn complicated to use. I can't > figure out how > > to add coments or add a new bug etc. > > So far because i got your email I'm trying to use this to hopefully get > > answers and see it added to yours to confirm it. > > But even the email didn't have a link to yours . It took me a whiel to > > figure it out where to go O.o > > I thought kde mail was bad .:) > > > > > > > ------------------------------------------------------------------------------ > > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > > trial. Simplify your report design, integration and deployment - and focus > > on > > what you do best, core application coding. Discover what's new with > > Crystal Reports now. http://p.sf.net/sfu/bobj-july > > _______________________________________________ > > Efw-user mailing list > > Efw-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/efw-user > > > > > >------------------------------------------------------------------------------ >Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day >trial. Simplify your report design, integration and deployment - and focus on >what you do best, core application coding. Discover what's new with >Crystal Reports now. http://p.sf.net/sfu/bobj-july >_______________________________________________ >Efw-user mailing list >Efw-user@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/efw-user ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
