 From:  "Jim Berryman" <jrberryman at chartermi dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Problem with port re-directs
 Date:  Mon, 26 Jan 2004 22:18:01 -0500

WAN = 24.247.106.26
LAN = 192.168.1.0/24
DMZ = 192.168.2.0/24 (not used at this time)

Outbound works fine.
My ISP blocks inbound traffic to well-known ports (21, 23, 80, 443, etc.).
I want to do inbound (WAN) port re-directs to a server @ 192.168.1.2 (see NAT below).
If I telnet from an outside client to 192.168.1.2:2223, it times out. Nothing appears in the logs.....
Where'd I screw up? (This works fine on OpenBSD & pf)

Thanks,

======================================================================

Firewall: NAT

      Inbound | Server NAT | 1:1 | Outbound

      Proto  Ext. port range  NAT IP (ext. IP)  Int. port range  Description
      TCP    2221             192.168.1.2       21 (FTP)         Allow FTP to AS/400
      TCP    2223             192.168.1.2       23 (Telnet)      Allow Telnet to AS/400
      TCP    2280             192.168.1.2       80 (HTTP)        Allow HTTP connection from WAN
      TCP    2443             192.168.1.2       443 (HTTPS)      Allow HTTPS connection to AS/400

======================================================================

Firewall: Rules

      WAN interface

      Proto    Source   Port  Destination  Port         Description
      TCP      *        *     192.168.1.2  23 (Telnet)  NAT Allow Telnet to AS/400
      TCP      *        *     192.168.1.2  80 (HTTP)    NAT Allow HTTP connection from WAN
      TCP      *        *     192.168.1.2  21 (FTP)     NAT Allow FTP to AS/400
      ICMP     *        *     *            *            Allow ICMP
      TCP      *        *     192.168.1.2  443 (HTTPS)  NAT Allow HTTPS connection to AS/400
      TCP/UDP  *        *     192.168.2.1  *            DMZ
      TCP/UDP  *        *     *            137 - 139

      LAN interface

      Proto    Source   Port  Destination  Port         Description
      *        LAN net  *     *            *            Default LAN -> any
      TCP/UDP  *        *     *            137 - 139