No success with port forwarding


This topic contains 5 replies, has 0 voices, and was last updated by  dodoman999 10 years ago.

  • #41980

    dodoman999
    Member

    Hello everybody, this is my first post. Great product! But I’m having trouble with forwarding a port on ZeroShell. Internet within the LAN is working. Now I want to do some port forwarding for a (web)server and I don’t get it right. Here is my information:
    – zeroshell 1.0.beta12 (usb)
    – eth0 = lan (dhcp 192.168.1.11- 192.168.1.253, webserver at 192.168.1.4)
    – eth1 = wan (adsl modem, internet is working within the lan)
    – virtual server = eth01/any tcp 80 192.168.1.4:80 (if I do any any internet stops working within the lan)
    – https only for 192.168.1.3 else I always get the zeroshell login page
    – firewall no changes = accept on all three (input, output and forward and no new rules)
    – with a standard Sitecom router the webserver can be reached, but of course I want to use ZeroShell 😀

    I’ve looked through the forum (port forwarding and firewall) but as I said I cannot get it right. Hopefully someone can help me figure it out.

    #48938

    dodoman999
    Member

    More info:
    From the outside (internet side) the website is being reached, so that is working, but within the LAN I cannot reach the site except if I use 192.168.1.4/site. This is not the way I want to do it; normally I type the address in the browser and the site comes up. This is important for me to get working like this because I want to do some more port forwarding where I have the same problem, so port forwarding within the LAN. I hope this all makes sense?

    #48939

    yum
    Member

    Try to add a port forward rule for the internal (ETH00) interface.

    – virtual server = eth00/EXTERNAL.IP.ADDR tcp 80 192.168.1.4:80

    Or if your LAN uses a local DNS server, add an A record for the web server domain name pointing to 192.168.1.4; this can be easily done via the ZS web interface.

    #48940

    dodoman999
    Member

    I’ve added the rule (yum)
    – virtual server = eth00/myip 80 192.168.1.4:80
    But the result is still the same: the site can be reached from the internet but not from the LAN with the site name/address; the site can be reached from the LAN via 192.168.1.4/site.

    I have not played around with DNS, so that is something I have to take a look at.

    No solution yet, but thank you for the reply.

    #48941

    ppalias
    Member

    DNS is the only way to achieve what you wish. Port forward works on the interfaces that are NATing and the traffic comes through them, unless you use some other tools to achieve it.

    #48942

    dodoman999
    Member

    Now don’t start yelling at me, but I’ve tried something else; I don’t know if it’s a good thing or a bad thing. I only had natted eth01 (my internet connection, sorry, I should have put this also in my first post). I put eth0 (my LAN) also in the NAT and now it works how I wanted it to work, BUT is this allowed (secure is the better word)?
    Now it looks like this:
    – zeroshell 1.0.beta12 (usb)
    – eth0 = lan (dhcp 192.168.1.11- 192.168.1.253, webserver at 192.168.1.4)
    – eth1 = wan (adsl modem, internet is working within the lan)
    – virtual server = any/my ip tcp 80 192.168.1.4:80 (CHANGED)
    – https only for 192.168.1.3 else i always get the zeroshell login page
    – firewall no changes = accept on all three (input, output and forward and no new rules)
    – NAT eth00 and eth01 natted (CHANGED)
    Now it looks like everything works how I wanted.

    Please can you give me your opinion (based on my info) if it’s OK, or am I doing something weird with natting both eth00 and eth01?

    #48943

    yum
    Member

    If you NAT on the internal interface, connections from WAN will all have the same IP address. It is not very convenient when analysing log files or using access rules on the web server. So I use the DNS method.
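
The three configurations tried in this thread, traced in a small Python model (an added example, not written by any poster and not ZeroShell code). It reports whether a LAN and a WAN client can complete a connection to the public address and which source address the web server at 192.168.1.4 sees. Assumptions: a /24 LAN mask, 192.168.1.1 as the router's ETH00 address, 203.0.113.10 standing in for the public IP, and constructed client addresses.

```python
"""Toy model of the router's NAT decisions for the setup in this thread."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # subnet from the thread; /24 mask assumed
ROUTER_LAN = "192.168.1.1"          # assumed address of the router on ETH00
PUBLIC = "203.0.113.10"             # constructed stand-in for the public IP


def connect(client, dnat_ifaces, snat_ifaces):
    """Trace a TCP/80 connection from client to PUBLIC.

    Returns (handshake_completes, source_address_the_server_sees).
    """
    in_if = "ETH00" if ip_address(client) in LAN else "ETH01"
    if in_if not in dnat_ifaces:
        # No virtual-server rule on the arrival interface: the packet is
        # never rewritten towards the web server.
        return (False, None)
    # DNAT rewrote the destination to the server; the packet leaves via
    # ETH00. Source NAT on ETH00 replaces the client address with ROUTER_LAN.
    src = ROUTER_LAN if "ETH00" in snat_ifaces else client
    # The server answers src. A LAN source is reached directly on the
    # segment, bypassing the router, so the reply is never translated back
    # to PUBLIC and the client discards it as belonging to no connection.
    direct_reply = ip_address(src) in LAN and src != ROUTER_LAN
    return (not direct_reply, src)


def scenarios():
    """Run the three configurations tried in the thread."""
    lan_pc, wan_pc = "192.168.1.20", "198.51.100.7"  # constructed clients
    configs = {
        "first post": ({"ETH01"}, {"ETH01"}),
        "rule added on ETH00": ({"ETH00", "ETH01"}, {"ETH01"}),
        "NAT on ETH00 and ETH01": ({"ETH00", "ETH01"}, {"ETH00", "ETH01"}),
    }
    return {
        name: {"lan": connect(lan_pc, d, s), "wan": connect(wan_pc, d, s)}
        for name, (d, s) in configs.items()
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} LAN: {result['lan']}  WAN: {result['wan']}")
```

In the last configuration both clients connect, but the server records 192.168.1.1 for each of them, which is the logging and access-rule drawback raised in the final reply.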
