Smoothwall Port Forwarding

[danrhodes]

Hey people,

I am wanting to send traffic coming onto my RED nic to an address on my GREEN nic, I have setup the correct port forwarding on the SM,

Red Eth0 Pt80 TCP Net:Any --> Green Eth1 Pt80 TCP Net:192.168.1.10

and also on my router to send all traffic to the default DMZ or 192.168.0.2 wich is the IP of my RED nic.

Im also using DynDNS on my router which is working fine. But for some reason when I try to connect by using either the DynDNS or the actual IP it does not work I get a (111) Connection refused??

Any help would be great!

Dan

[SYNACK]

Assuming that smoothwall and your router have some logging ability you could try to access it then see which device complains in its log.

Also are you attmpting to connect from inside the network to the external address. This configuration can often cause issues if double NATing is not supported by both devices. You should check from another net connection external to host one. Could use a phone browser on 3g for instance.

[chinesewhispers]

Silly thought but do you actually have a valid out going rule setup to allow port 80 traffic out? Some default 'closed' installs can be set with no outbound rules. Traffic could be getting in, but then having no route out again.

[tom_newton]

An outbound rule isn't needed if you haven't set up a "default deny" earlier.

[chinesewhispers]

My coat's around here somewhere...

[tom_newton]

Sorry, didn't get chance to make more than a cursory reply yesterday. It looks like you are double NATing (thanks clippy!) Have you tried putting a laptop on the network just between your router and your smoothie, see if it will port-forward from there? IT may be best to set up your router with port-forwards as well, rather than with one of these wacky DMZs that some routers support.

[danrhodes]

Im going to try this.

1. Disable DMZ on Router
2. Setup port forwarding on the router so that HTTP80 traffic routes to my RED Nic
3. Setup a firewall rule that routes all HTTP80 Traffic through my GREEN Nic to the IP 192.168.1.10 which is a workstation running apache/php.


Ive had this working before but didn't write it down and with my head being full of many other things it has got pushed out.


D

[j17sparky]

Im going to try this.

1. Disable DMZ on Router
2. Setup port forwarding on the router so that HTTP80 traffic routes to my RED Nic
3. Setup a firewall rule that routes all HTTP80 Traffic through my GREEN Nic to the IP 192.168.1.10 which is a workstation running apache/php.


Ive had this working before but didn't write it down and with my head being full of many other things it has got pushed out.


D

You're getting things mixed up. Port forwarding goes to your apache pc, firewall rules allow traffic accross the router.

Im not sure what you mean in your first post about your DMZ. Either im missing what you are trying to do or it isnt possible.

Thiis bit;

and also on my router to send all traffic to the default DMZ or 192.168.0.2 wich is the IP of my RED nic.

Red isnt DMZ. And you cant set it up to forward all traffic to a zone. You can set up a 1 to 1 NAT which forwards to a single computer in your DMZ

But for some reason when I try to connect by using either the DynDNS or the actual IP it does not work I get a (111) Connection refused??

Connect to what? And from where?

[plexer]

Hey people,

I am wanting to send traffic coming onto my RED nic to an address on my GREEN nic, I have setup the correct port forwarding on the SM,

Red Eth0 Pt80 TCP Net:Any --> Green Eth1 Pt80 TCP Net:192.168.1.10

and also on my router to send all traffic to the default DMZ or 192.168.0.2 wich is the IP of my RED nic.

Im also using DynDNS on my router which is working fine. But for some reason when I try to connect by using either the DynDNS or the actual IP it does not work I get a (111) Connection refused??

Any help would be great!

Dan

What smoothwall product are you trying to do this with?

Ben