04-09-2004, 03:23 PM
Senior Member
Join Date: Jul 2002
Location: Canberra, Australia
Posts: 176
Config for a web server
Finally I have got around to putting a web server in my network. Now I need to connect it to the world.
I have read the Web Server/DNAT doco but it talks about using the IP assigned by the ISP as the additional address on the ethernet interface. Bit of a problem there, I have a dynamic IP that I control through a CustomDNS at dyndns.org.
In front of my ASL box is a NAT router that does the PPPoE stuff, no filtering, just NAT. Naturally, the IP to my domain is at the front of this NAT router.
What I would like to know is how to configure the ASL box so I can run my web server in a DMZ (eth2) behind the NAT router.
I thought I'd ask here as I am sure there is more than just me connecting this way.
Any help here will be appreciated.
BTW: ASL 4.021

04-09-2004, 03:50 PM
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 2,885
Re: Config for a web server
Why not have ASL do the NATting for you instead of a router? Then you can use the proper rules in ASL and it will work fine. Going through a double NAT is a PITA and not really needed (unless you have no control over the wire).

04-09-2004, 11:49 PM
Senior Member
Join Date: Jul 2002
Location: Canberra, Australia
Posts: 176
Re: Config for a web server
For some other testing reasons I connect directly to the router, so I do not want to get rid of it.
That aside, even if I did get rid of the router, I would still have a dynamic IP address at the front of my network.
All the instructions I have seen about setting up a web server in the DMZ mention using a fixed IP. Don't have that.
I just want to know if I can set up my web server in an ASL DMZ behind a NetGear DSL router/switch with a dynamic IP assigned by the ISP.
As I said in my first post, surely others do this. I'd just like to know how.

04-10-2004, 02:06 AM
Wizard
Join Date: Dec 2003
Location: Calgary, Alberta, Canada
Posts: 1,188
Re: Config for a web server
A simple NAT rule like the one below will make a web server on one of your internal networks (mine is on my DMZ network) visible on the external interface on your ASL v4 box:
Webserver Any -> External_Interface__ / HTTP None myweb.mynet.local
If you have a router frontending your ASL box, you will have to configure port forwarding on the router for port 80. You forward port 80 to the IP address of the external interface of the ASL box.

04-10-2004, 05:50 AM
Senior Member
Join Date: Jul 2002
Location: Canberra, Australia
Posts: 176
Re: Config for a web server
Yeah! - It works . . .
Looking back, all that was necessary was to NOT create the "additional address on external interface". Everything else, including the "port forward" from the router, already existed in my config.
I will say however that ASL did not deal well with all of the config changes I was making. I did an external scan of my ports from GRC.com and it showed FTP ports as open and SMTP as closed. Had me weirded out for a bit.
A reboot of the ASL box saw it all come good again however.
Thanks for the inputs to my post, they are always appreciated and why I keep using ASL as my firewall.
No product can survive well without support, not a problem here.

04-15-2004, 02:13 PM
Member
Join Date: Apr 2004
Posts: 60
Re: Config for a web server
Hi VelvetFog,
Could you explain the setting more clearly? I am new, and I am lost here.
I have a webserver behind ASL 5.001, and I do not know how to publish it. I am using ADSL with a dynamic IP and dyndns.
Internet-->(DHCP by isp )<-->ASL5.001(internal ip 192.168.22.1)<-->webserver (192.168.22.9 )
Please, thanks.
Tks/raid

04-15-2004, 04:15 PM
Wizard
Join Date: Dec 2003
Location: Calgary, Alberta, Canada
Posts: 1,188
Re: Config for a web server
The simple NAT rule to make a web server on one of your internal networks (Internal or DMZ) visible on the External interface, which has a real IP address, looks like this:
Webserver Any -> External_Interface__ / HTTP None mywebserver.whatever.local
You first have to create a network definition for your server (I used mywebserver.whatever.local in this example). The network definition must have the IP address used for the server (the private address it is actually using), with a mask of 255.255.255.255.
Then you create the NAT rule like this:
Name: Webserver
Rule type: DNAT/SNAT
Packets to match:
Source address: Any
Destination Address: External_Interface
Service: HTTP
Change source to: No change
Change destination to: mywebserver.whatever.local
Service destination: No change
That is all there is to it. I have two web servers (one uses port 88) and a FTP server mapped out onto my public IP address this way. They all work fine.
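
The double-NAT path discussed in this thread, modelled as an added example (it is not from any poster and is not ASL's own rule engine): the router's port forward rewrites the destination before ASL sees the packet, so an ASL rule that matches its own external interface keeps working when the ISP address changes, while one that matches the ISP address never fires. The client, public and ASL external addresses are constructed; 192.168.22.9 is the server address quoted earlier in the thread.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    match_dst: str                    # "Destination Address" the rule matches
    match_dport: int                  # "Service" (80 = HTTP)
    new_dst: str                      # "Change destination to"
    new_dport: Optional[int] = None   # None = "Service destination: No change"

    def apply(self, pkt: Packet) -> Optional[Packet]:
        if (pkt.dst, pkt.dport) != (self.match_dst, self.match_dport):
            return None
        return replace(pkt, dst=self.new_dst, dport=self.new_dport or pkt.dport)

def traverse(pkt: Packet, hops: List[List[DnatRule]]) -> Optional[Packet]:
    """Pass pkt through each NAT hop in order. A hop with no matching rule
    does not forward the packet, so the result is None (never delivered)."""
    for rules in hops:
        hits = [out for out in (r.apply(pkt) for r in rules) if out is not None]
        if not hits:
            return None
        pkt = hits[0]                 # first matching rule wins
    return pkt

# Constructed addresses (assumptions); WEBSERVER is the address from the thread.
CLIENT = "198.51.100.7"
ASL_EXTERNAL = "192.168.0.2"          # ASL external interface on the router's LAN
WEBSERVER = "192.168.22.9"

def deliver(public_ip: str, asl_rules: List[DnatRule], dport: int = 80) -> Optional[Packet]:
    """Send one packet to the current public IP through the router, then ASL."""
    router = [DnatRule(public_ip, 80, ASL_EXTERNAL)]   # router port forward for port 80
    return traverse(Packet(CLIENT, public_ip, dport), [router, asl_rules])

# ASL rule matching its own external interface address (the rule from the thread).
ASL_BY_INTERFACE = [DnatRule(ASL_EXTERNAL, 80, WEBSERVER)]
# ASL rule matching the ISP-assigned address instead (fixed-IP style, for comparison).
ASL_BY_PUBLIC_IP = [DnatRule("203.0.113.10", 80, WEBSERVER)]

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.77"):        # before and after an ISP change
        print(ip, "by interface:", deliver(ip, ASL_BY_INTERFACE))
        print(ip, "by public IP:", deliver(ip, ASL_BY_PUBLIC_IP))
```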

04-16-2004, 12:04 PM
Member
Join Date: Apr 2004
Posts: 60
Re: Config for a web server
Hi VelvetFog,
Sorry VelvetFog, what does mywebserver.whatever.local mean?
Could you please explain it to me?
Tks/raid

04-16-2004, 01:15 PM
Member
Join Date: Mar 2004
Location: Carrollton, TX
Posts: 81
Re: Config for a web server
mywebserver.whatever.local is the name you give your network definition for the local IP address of your server, i.e. in Definitions --> Networks:
Name: mywebserver.whatever.local (this name is an example; enter any name you want to give your server)
IP Address: ***.***.***.*** (local address of server)
Mask: 255.255.255.255 or 32

04-16-2004, 04:09 PM
Wizard
Join Date: Dec 2003
Location: Calgary, Alberta, Canada
Posts: 1,188
Re: Config for a web server
[ QUOTE ]
Hi VelvetFog,
Sorry VelvetFog, what does mywebserver.whatever.local mean?
Could you please explain it to me?
[/ QUOTE ]
It is an example name for a web server, for the purpose of discussion. Another way of saying "INSERT YOUR OWN SERVER NAME HERE".
When you go into ASL Webadmin --> Definitions --> Networks, you have to call the entries you create something. They have to have a name. Internet naming is commonly done by using the DNS (Domain Naming System) naming convention, which at a minimum provides for a machine name, followed by a second level domain name, followed by a top level domain name, with the three entries being separated by dots (.).
I can obviously not suggest that you call your web server www.microsoft.com, or some other real name that is already in use, so when giving an example, I use a sample name such as mywebserver.whatever.local. The idea is that in your implementation on your system, you substitute the machine name that is appropriate for you.
Most people are not confused by this approach.