Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Closed Forums (read only) > ASG V7.000 BETA (closed)
Reload this Page [NAT] Publishing internal HTTPS server
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 03-22-2007, 08:45 AM
Junior Member
  
Join Date: Jan 2007
Posts: 5
Default [NAT] Publishing internal HTTPS server
I have an internal webserver, serving on HTTPS/443. I'd like to publish this server to the outside world. To accomplish this, I have bound a second external IP-address to my Astaro box (Network - Interfaces - Additional Addresses).

Now I'd like to do the following:
Any request on HTTPS/443 on the external IP-address should be redirected to my internal server (10.10.10.31). My guess would be, that I need to make use of a DNAT Rule (Network Security - NAT - DNAT/SNAT):

Traffic Source: Any
Traffic Service: HTTPS
Traffic Destination: External IP-Address
NAT Mode: DNAT
Destination: Internal IP-Address
Destination Service: HTTPS

Even after a reboot of the Astaro box, this still does not work. Can any of you help me out?
  #2 (permalink)  
Old 03-22-2007, 10:11 AM
Moderator
  
Join Date: Apr 2001
Location: Brantford, Ontario, Canada
Posts: 809
Default
Did you create a packet filter rule allowing the https traffic to the internal ip?
__________________
7 x ASG 220, 4 x ASG 120, 2 x 25 IP, Home Unlimited Power User.
  #3 (permalink)  
Old 03-22-2007, 11:29 AM
Junior Member
  
Join Date: Jan 2007
Posts: 5
Default
I have created a Packet Filter rule:
Source: External Address
Service: HTTPS
Destination: Internal Address
Action: Allow

-----
EDIT: In my Packet Filter Live Log, I see:
12:38:12 Default DROP TCP 62.131.***.***:21080 → 10.10.10.31:443 ([SYN], len=48, ttl=119, tos=0x00, srcmac=00:01:71:0c:xx:xx, dstmac=00:0c:29:84:xx:xx)

This would mean that the packetfilter is not setup correctly?
Last edited by jainoxi; 03-22-2007 at 11:40 AM.
  #4 (permalink)  
Old 03-22-2007, 12:57 PM
Junior Member
  
Join Date: Jan 2007
Posts: 5
Default
I took a better look at the Packet Filter Live Log, and concluded that my initial Packet Filter rule wasn't correct. Offcourse there isn't any request from the External IP to the Internal IP, but from 'any' to the Internal IP. I changed the Packet Filter rule to:

Source: Any
Service: HTTPS
Destination: Internal Address
Action: Allow

Now it works as expected! Thanks for the nudge in the right direction
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 06:01 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.