Astaro User Bulletin Board
  #1 (permalink)  
Old 02-20-2004, 10:52 PM
Junior Member
 
Join Date: Feb 2004
Posts: 19
Default HTTP through Packet Filters..

This would seem pretty straightforward; however, all attempts at making this work have failed. Even in the Live Log, it shows the packets being accepted, yet the page fails to load. To avoid excessive filters for DNS, I am simply trying to browse to a webserver via IP.

Packet filter: Any --> External network, anyservice, logallow.

No joy. I've tried adding a second filter reversing the path in case these filters aren't stateful. Still no joy.

External network is defined as our Class C IP address block with a webserver assigned a routable IP from the block.

Please tell me I'm missing something simple.

Regards,
Jones
  #2 (permalink)  
Old 02-21-2004, 12:17 AM
Senior Member
 
Join Date: Sep 2002
Location: Sweden,Moheda
Posts: 237
Default Re: HTTP through Packet Filters..

If you have an HTTP server behind ASL you must also have a DNAT for the webserver.

Look in here to set up a DNAT for your webserver: dnat

Hope it helps you :)
  #3 (permalink)  
Old 02-23-2004, 03:01 PM
Junior Member
 
Join Date: Feb 2004
Posts: 19
Default Re: HTTP through Packet Filters..

Thanks for the response. The webserver I'm using isn't behind ASL. Packet filters aren't working for any kind of HTTP browsing whatsoever. I was just using our own webserver so I could browse via IP instead of messing with DNS filters, thus further complicating the problem.
  #4 (permalink)  
Old 02-26-2004, 08:27 PM
Member
 
Join Date: Feb 2004
Location: Karlsruhe, Germany
Posts: 40
Default Re: HTTP through Packet Filters..

I don't fully understand your topology. Is your webserver's IP in "external network"? It sounds more like a routing problem. Is the web server's default route set properly? It might need a static route to use the firewall as the gateway for your internal network. That's the easy answer....

Bill
  #5 (permalink)  
Old 03-02-2004, 02:14 PM
blueorder's Avatar
Member
 
Join Date: Mar 2004
Location: Carrollton, TX
Posts: 81
Default Re: HTTP through Packet Filters..

I have somewhat the same problem...

Webserver/mailserver (one box) on DMZ behind ASL on dynamic IP cable connection...tried webserver/DNAT guidebook and a couple of suggestions found on the forums...as posted above, no joy :) .. ports not open (checked at grc.com) and server can't access outside world

I've been successful in setting up everything but this...so tired...oh so tired...

BTW, here's some of my setup...

network
  #6 (permalink)  
Old 03-02-2004, 03:01 PM
Junior Member
 
Join Date: Feb 2004
Posts: 10
Default Re: HTTP through Packet Filters..

It doesn't look like anyone really *read* Dr. Jones' post - he's not trying to run a webserver behind ASL but rather wants to access an external one by adding it directly TO ASL via definitions and packet filter.

Dr. Jones - if you figure anything out please post your fix, I have the same problem essentially and cannot for the life of me fix it :D
  #7 (permalink)  
Old 03-02-2004, 03:11 PM
Junior Member
 
Join Date: Feb 2004
Posts: 19
Default Re: HTTP through Packet Filters..

Ok I knew it was something easy. The problem wasn't within the packet filters, but under NAT. I needed to set up a NAT rule to masquerade the internal network.

My NAT rule:

Internal Network -> all/all MASQ_External.

I couldn't figure out why all my logs showed acceptance of the proper packets yet no joy. Then it dawned on me that while the packets were getting out, they were trying to return to my non-routable, internal network.

You would think that this rule would be set up by default as it is the most basic of principles with any NAT router.

Hope this helps.

Regards,
Jones.
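The failure mode resolved in post #7, as an added example that is not part of the original thread and is not Astaro's code: a toy model of the forwarding path showing why the filter log reports "accepted" while the reply never arrives unless the internal network is masqueraded. The `Gateway`, `Packet` and `browse` names are hypothetical, and all addresses are constructed (a private internal client, documentation-range external addresses).

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges: no return path exists for these on the external side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class Gateway:
    """Toy forwarding path: packet filter, then optional source masquerading."""
    def __init__(self, external_ip, masq_network=None):
        self.external_ip = external_ip
        self.masq = ipaddress.ip_network(masq_network) if masq_network else None
        self.table = {}        # external port -> (internal ip, internal port)
        self.next_port = 40000

    def outbound(self, pkt):
        # The filter rule "Any -> External network, allow" accepts (and logs)
        # the packet in both configurations; only the NAT step differs.
        if self.masq and ipaddress.ip_address(pkt.src) in self.masq:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[port] = (pkt.src, pkt.sport)
            return Packet(self.external_ip, port, pkt.dst, pkt.dport)
        return pkt             # leaves with its internal source address

    def inbound(self, pkt):
        # Undo the translation for replies matching a tracked connection.
        if pkt.dst == self.external_ip and pkt.dport in self.table:
            ip, port = self.table[pkt.dport]
            return Packet(pkt.src, pkt.sport, ip, port)
        return None

def browse(gw, client_ip, server_ip):
    """Return the reply packet the client receives, or None if it is lost."""
    sent = gw.outbound(Packet(client_ip, 51515, server_ip, 80))
    reply = Packet(sent.dst, sent.dport, sent.src, sent.sport)
    # The server answers whatever source address it saw on the request.
    return None if is_rfc1918(reply.dst) else gw.inbound(reply)
```

Calling `browse(Gateway("203.0.113.10"), "192.168.1.10", "203.0.113.80")` returns `None`; passing `"192.168.1.0/24"` as the masqueraded network returns the reply addressed back to the client.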


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.