Thanks Peter, for the reply and for trying to help.
My firewall is NOT behind any NAT device.
Server has default gateway/route of the GREEN interface on my Endian
firewall (192.168.0.1), exactly as it was with my previous IPCop
installation.
RED IP-Address: 81.170.184.116 (ETHERNET DHCP)
GREEN IP-Address: 192.168.0.1
Webserver on Green: 192.168.0.10
Below is the information that you requested:
-----------------------------------------------------------------------------------------
iptables -t nat -vnL
-----------------------------------------------------------------------------------------
Chain PREROUTING (policy ACCEPT 240K packets, 13M bytes)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
240K 13M CUSTOMPREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M OPENVPNCLIENT all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M ENACCESS all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M SIPROXDPORTFW all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M CONTENTFILTER all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M SQUID all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M DNSMASQ all -- * * 0.0.0.0/0 0.0.0.0/0
240K 13M PORTFW all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 206 packets, 25428 bytes)
pkts bytes target prot opt in out source destination
234K 13M CUSTOMPOSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
234K 13M REVERSENAT all -- * * 0.0.0.0/0 0.0.0.0/0
234K 13M REDNAT all -- * * 0.0.0.0/0 0.0.0.0/0
207 25472 POSTPORTFW all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 79 packets, 11713 bytes)
pkts bytes target prot opt in out source destination

Chain CONTENTFILTER (1 references)
pkts bytes target prot opt in out source destination

Chain CUSTOMPOSTROUTING (1 references)
pkts bytes target prot opt in out source destination

Chain CUSTOMPREROUTING (1 references)
pkts bytes target prot opt in out source destination
4 208 SMTPSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain DNSMASQ (1 references)
pkts bytes target prot opt in out source destination

Chain ENACCESS (1 references)
pkts bytes target prot opt in out source destination

Chain OPENVPNCLIENT (1 references)
pkts bytes target prot opt in out source destination

Chain PORTFW (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 81.170.184.116 tcp dpt:80 to:192.168.0.10:80
0 0 DNAT udp -- * * 0.0.0.0/0 81.170.184.116 udp dpt:53 to:192.168.0.10:53
0 0 DNAT tcp -- * * 0.0.0.0/0 81.170.184.116 tcp dpt:53 to:192.168.0.10:53

Chain POSTPORTFW (1 references)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.10 tcp dpt:80 to:192.168.0.1
0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.10 udp dpt:53 to:192.168.0.1
0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.10 tcp dpt:53 to:192.168.0.1

Chain REDNAT (1 references)
pkts bytes target prot opt in out source destination
104 5765 SNAT all -- * eth1 0.0.0.0/0 0.0.0.0/0 to:81.170.184.116

Chain REVERSENAT (1 references)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- * eth1 192.168.0.10 0.0.0.0/0 tcp dpt:80 to:81.170.184.116
1 75 SNAT udp -- * eth1 192.168.0.10 0.0.0.0/0 udp dpt:53 to:81.170.184.116
0 0 SNAT tcp -- * eth1 192.168.0.10 0.0.0.0/0 tcp dpt:53 to:81.170.184.116

Chain SIPROXDPORTFW (1 references)
pkts bytes target prot opt in out source destination

Chain SMTPSCAN (1 references)
pkts bytes target prot opt in out source destination

Chain SQUID (1 references)
pkts bytes target prot opt in out source destination
-----------------------------------------------------------------------------------------
iptables -vnL PORTFWACCESS
-----------------------------------------------------------------------------------------
Chain PORTFWACCESS (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.0.10 tcp dpt:80
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.0.10 udp dpt:53
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.0.10 tcp dpt:53
-----------------------------------------------------------------------------------------
Again, thanks for any help with this!
Regards
rune
----------------------------------------------------------------------------------------------------------------------------------
Peter Warasin wrote:
>
> hi
>
> normally it is one of the following issues:
>
> # Endian Firewall is behind a NAT device
>
> Endian Firewall is behind another device which does NAT, like a router
> or another firewall which does not allow connections going through the
> device directly to the firewall.
>
> You can solve this by configuring a port forwarding also on that device to
> the Endian Firewall's RED ip.
>
> # Server has wrong default gateway
> The Server to which the port forwarding should go has configured a wrong
> or no default gateway. Connections will be directed to the target ip
> address but since there is a wrong default gateway, packets will not be
> directed through Endian Firewall.
>
>
> If both do not apply, please log into your box and send us the output of:
> iptables -t nat -vnL
> iptables -vnL PORTFWACCESS
>
> please provide also your red ip address and the ip address of the server
> you want to forward to.
>
> peter
>
> rune2001 wrote:
>> Seems like there are others out there that have the same problem...
>> I have this problem too, it worked perfectly with my old IPCop
>> installation.
>> I would like to solve the problem instead of changing back to IPCop.
>> As I have seen several people having the same issue, it seems like the
>> problem is real.
>>
>> Is there any way for a "non-linux-guru" to do some error checking?
>> I have checked the "iptables -L PORTFWACCESS" and it shows nothing wrong.
>>
>> Please help us Obi-Wan, you are our only hope!
>>
>> Regards
>> rune
>>
>>
>>
>>
>>
>> Mircea Draghici wrote:
>>> I have just updated my Endian box to efw 2.1 and port forwarding is not
>>> working. I looked in the iptables and the portforward chain seems to be
>>> correct but I cannot access any of the ports I have opened. Does anyone
>>> have any ideas on what I can do to get this going? I have stopped all
>>> other services, rebooted the machine and still cannot get anything up.
>>> Any help would be greatly appreciated.
>>>
>>> all the best,
>>>
>>> ~mircea
>>>
>>> -------------------------------------------------------------------------
>>> Take Surveys. Earn Cash. Influence the Future of IT
>>> Join SourceForge.net's Techsay panel and you'll get the chance to share
>>> your
>>> opinions on IT & business topics through brief surveys - and earn cash
>>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>> _______________________________________________
>>> Efw-user mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>
>>>
>>
>
>
> --
> :: e n d i a n
> :: open source - open minds
>
> :: peter warasin
> :: http://www.endian.it :: [EMAIL PROTECTED]
>
>
>
>
>
--
View this message in context:
http://www.nabble.com/-Efw-user--help%3A-efw-2.1-port-forwarding-not-working-tf2940548.html#a9087350
Sent from the efw-user mailing list archive at Nabble.com.
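
Added example, not part of the original thread and not Endian's code: a Python check that pairs each PORTFW DNAT rule from `iptables -t nat -vnL` with its PORTFWACCESS ACCEPT rule and reports both packet counters. The rule lines are the ones posted above with the mail-wrapped halves rejoined; `parse_rules` and `check_forwards` are names made up for this example, and DNAT targets are assumed to be written as `to:ip:port`.

```python
import re

# Rule lines from the post above, wrapped halves rejoined (helper names are this example's own).
NAT = """\
Chain PORTFW (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 81.170.184.116 tcp dpt:80 to:192.168.0.10:80
0 0 DNAT udp -- * * 0.0.0.0/0 81.170.184.116 udp dpt:53 to:192.168.0.10:53
0 0 DNAT tcp -- * * 0.0.0.0/0 81.170.184.116 tcp dpt:53 to:192.168.0.10:53
"""
FILTER = """\
Chain PORTFWACCESS (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.0.10 tcp dpt:80
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.0.10 udp dpt:53
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.0.10 tcp dpt:53
"""

def parse_rules(text, chain):
    """Return the rules of one chain from `iptables -vnL` output (rules with a target only)."""
    rules, current = [], None
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            current = f[1]
        elif current == chain and len(f) >= 9 and f[0][0].isdigit():
            # Counters stay strings because iptables abbreviates them (e.g. 240K).
            rules.append({"pkts": f[0], "target": f[2], "proto": f[3],
                          "dst": f[8], "extra": " ".join(f[9:])})
    return rules

def check_forwards(nat_text, filter_text):
    """For every DNAT in PORTFW, look up the ACCEPT for its translated ip:port."""
    accepts = {}
    for r in parse_rules(filter_text, "PORTFWACCESS"):
        m = re.search(r"dpt:(\d+)", r["extra"])
        if r["target"] == "ACCEPT" and m:
            accepts[(r["proto"], r["dst"], m.group(1))] = r
    report = []
    for r in parse_rules(nat_text, "PORTFW"):
        m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", r["extra"])
        if r["target"] == "DNAT" and m:
            port, ip, to_port = m.groups()
            acc = accepts.get((r["proto"], ip, to_port))
            report.append({
                "forward": f'{r["proto"]} {r["dst"]}:{port} -> {ip}:{to_port}',
                "has_accept": acc is not None,
                "nat_hits": r["pkts"],
                "accept_hits": acc["pkts"] if acc else None})
    return report
```

A `nat_hits` of 0 means no packet has matched that DNAT rule since the counters were last reset; the nat table only sees the first packet of each connection.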