Astaro User Bulletin Board
  #1 (permalink)  
Old 01-11-2004, 03:38 PM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Need help inbound connections to several ports

I am a noob to this firewall and I have a fairly simple setup. I am having a problem with ASL (latest version): any client can connect to any outside server, but I cannot seem to get the system to allow inbound connections to my webserver or mailserver.

I guess that I am not understanding DNAT/SNAT. Currently I have made, under definitions, my webserver 192.168.1.103 and allowed the External-Interface under packet filter http, so it's set:
client: External Interface
server: my webserver
service: http

and it does not work. I think this program is awesome and sure it's my lack of understanding the DNAT/SNAT rules. I am sure that it has been explained hundreds of times in this forum, so if anyone can just point me in the right direction, I am not afraid to read the man but cannot seem to find any pages about it.... Any help would be greatly appreciated....

I have 2 NICs: External to DSL connection and 1 going to the internal network. Also, if there is a way, and it looks as if there is, I would like to DMZ my web/mail server at the .103 address.

Also I have noticed that when entering the subnet of a class C it makes me enter 255.255.255.255; I normally just enter .0. I don't understand this: it says it does not make sense to enter for 192.168.1.103 a subnet of 255.255.255.0?
What am I missing?

Thanks ....
  #2 (permalink)  
Old 01-11-2004, 09:49 PM
Member
 
Join Date: Sep 2003
Location: Alberta
Posts: 72
Default Re: Need help inbound connections to several ports

OK, to get a webserver running through the firewall you need to do three things.

1.) Create a new network def with your server's local IP. Like this:
servername 192.168.0.3 255.255.255.255

2.) Forward incoming traffic on port 80 to that machine. Like this:
Source address: Any
Destination address: external interface
Service: HTTP
Change source to: No change
Change destination to: your newly defined network def for your server
Service destination: No change

3.) Now create a new packet filter rule to allow the incoming traffic:
From (Client): Any
To (Server): your newly defined network def for your server
Service: HTTP
Action: Allow

I have an FTP server running perfectly right now.
  #3 (permalink)  
Old 01-12-2004, 09:50 AM
Wizard
 
Join Date: Jun 2003
Location: Germany
Posts: 856
Default Re: Need help inbound connections to several ports

Go to
http://docs.astaro.org/guidebooks/
and click on
Guidebook-US-ASL-V4_psk_net-to-net.pdf

Xeno

  #4 (permalink)  
Old 01-25-2004, 01:26 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Need help inbound connections to several ports

I have done exactly what you said. I am running 2 NICs in ASL. I created a DNAT/SNAT rule to forward requests for port 80 to and it did work, but now it has stopped and I cannot figure out why.... I have the packet filter allowing it as well.

I am also trying to forward another port to my Linux box and it is not working using the same thing .....

I did the following. I created DNAT/SNAT:

Source Address: Any
Destination: External Network Interface
Service: HTTP
Change Source to: no change
Change Destination to: Linux Server
Service Destination: no change

It did work and now it is not. I also created a packet filter for it and allowed it as well.

Just like this:
From Client: Any
To (Server): Linux_server
Service: HTTP
Action: Allow

And it does not work...... but it did at first (wild). Anyways, I am running 2 NICs, one that's external and one internal.
What am I doing wrong, anyone?
  #5 (permalink)  
Old 01-25-2004, 03:11 AM
Member
 
Join Date: Sep 2003
Location: Alberta
Posts: 72
Default Re: Need help inbound connections to several ports

Make sure the filter rule is Active and Above any deny rules.
For troubleshooting you can create an Any Any Any Allow filter rule and stick it at the top. Enable it temporarily and see if you get any drops.
Make sure to set it as Inactive when you are done!

Check your logs for dropped packets; post them here so we can take a look.

Make sure your network def is correct.
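The three steps from reply #2 and the rule-ordering advice in reply #5, modelled as an added example (not part of the thread, and not Astaro's code). It assumes the packet filter sees the destination after DNAT, which is what step 3's "To (Server)" field implies, and uses constructed addresses: 203.0.113.10 for the external interface and 198.51.100.7 for an internet client.

```python
import ipaddress

# Constructed sample values; only 192.168.1.103 comes from the thread.
EXT_IF = ipaddress.ip_network("203.0.113.10/32")
WEB_SERVER = ipaddress.ip_network("192.168.1.103/255.255.255.255")  # step 1
ANY = ipaddress.ip_network("0.0.0.0/0")


def is_valid_definition(addr, mask):
    """A single host needs an all-ones mask; host bits under a /24 are rejected."""
    try:
        ipaddress.ip_network(f"{addr}/{mask}")  # strict parsing
        return True
    except ValueError:
        return False


def dnat(dst, port, nat_rules):
    """Step 2: rewrite the destination before the packet filter runs."""
    for match_net, match_port, new_dst in nat_rules:
        if dst in match_net and port == match_port:
            return new_dst
    return dst


def packet_filter(src, dst, port, rules):
    """Step 3: first matching rule wins; no match means drop."""
    for client, server, service, action in rules:
        if src in client and dst in server and service in ("any", port):
            return action
    return "drop"


def inbound(src, dst, port, nat_rules, rules):
    """Model of a forwarded packet: DNAT first, then the packet filter."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return packet_filter(src, dnat(dst, port, nat_rules), port, rules)


NAT = [(EXT_IF, 80, WEB_SERVER.network_address)]
ALLOW_TO_SERVER = (ANY, WEB_SERVER, 80, "allow")   # rule from reply #2
ORIGINAL_RULE = (EXT_IF, WEB_SERVER, 80, "allow")  # client: External Interface
DENY_ALL = (ANY, ANY, "any", "drop")
```

In this model the first post's rule never matches because the client of an inbound connection is the internet host, not the external interface, and an allow rule placed below a deny rule is never reached.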
  #6 (permalink)  
Old 01-25-2004, 01:24 PM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Need help inbound connections to several ports

I have set a packet filter with any,any as you suggested, and I have then looked at the packet filter log, and I cannot see an attempt to go from my 192.168.1.101 to the webserver. I can access it from internal on its internal IP, but no one can see it from my public IP....... I cannot see in the logs where it is dropping port 80 at the packet level........
  #7 (permalink)  
Old 01-25-2004, 01:37 PM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Need help inbound connections to several ports

I have looked at the log: no attempt. Very strange?

All times are GMT.

 



These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.