VirtualSrver-can’t access published srv from internal LAN

Home Page Forums Network Management ZeroShell VirtualSrver-can’t access published srv from internal LAN

This topic contains 0 replies, has 0 voices, and was last updated by  windstorm 2 years, 3 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #44186

    windstorm
    Member

    Hi there,

    I’m new to ZS, and just deployed it as a firewall/router for my office. The diagram looks like as below:

    (WAN-External IP) – Internet Router – (LAN:192.168.2.1, DMZ enabled to 192.168.2.3) < ---> (ETH01: 192.168.2.3) – ZS – (ETH00: 192.168.151.1) < ---> (Internal network: 192.168.151.x) – Published Servers / Clients

    My situation is as below:
    – Clients / Servers access Internet: OK
    – Access to the published servers (ssh, web, …): OK. E.g: https://$WAN-ExternalIP:$publishedport/ –> OK
    – The issue is the clients inside internal network cannot access the published services using the WAN external IP, with the above example: https://$WAN-ExternalIP:$publishedport/ –> not reachable.

    The published services are primarily with port number different from the real port number running locally on the servers, e.g: port 28080 is forwarded to port 80 on the local server.

    The following is one of the log entries thrown when I tried the above access:

    [NEW] tcp 6 120 SYN_SENT src=192.168.151.197 dst= sport=49477 dport=28080 [UNREPLIED] src= dst=192.168.2.3 sport=28080 dport=49477 mark=100

    (Note: 192.168.151.197 is the client IP from inside internal LAN; WAN IP address was removed for security reason; 28080 is the published port, it’s supposed to be forwarded to port 80 on the server 192.168.151.28, however the forwarding seems never reach the actual server)

    I appreciate if any one can shed some light for troubleshouting

    Thanks
    WS[/b]

    #53683

    pgbuz
    Participant
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.