port forward on ip alias not working

Started by Madifor, July 21, 2024, 11:43:41 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 21, 2024, 11:43:41 AM
I have an the following issue

On an 'external' interface i have configured a fixed ip and an alias/ virtual (alias)ip address.
As shown in the attachment , i configured port forwards on the interface ip and port forwards for the virtual ip.
When trying webpage using the interface ip  , forwards works perfectly and i reach the 1st internal system.
When trying webpage using the virtual ip , i am reach the gui of the firewall and not the 2nd internal system.
July 21, 2024, 11:48:53 AM #1 Last Edit: July 21, 2024, 11:50:25 AM by doktornotor
Trying how? 10/8 is RFC1918 space, not accessible from outside. From inside, you are into the NAT reflection can of worms plus it is very much pointless since you can access those directly without involving your firewall/router at all.

Not really sure what are you trying to do there, to use multiple webservers behind a single IP, I would suggest a reverse proxy, such as HAproxy or nginx. 
July 21, 2024, 01:40:50 PM #2
The so called csc lan is a special internal lan whclich can only be acccessed when at the corporate lan only and the destination network is a testing/ development network also internal only., but not to be exposed / directly accessible via routing from the corporate lab.

The goal for the forward is to be to access the ftp/tftp server from address x and the installed terminal server from server y. I know the picture only shows htttp(s) but that is for easier to test as the is storage also has a web portal running
July 21, 2024, 02:06:48 PM #3
QuoteThe goal for the forward is to be to access the ftp/tftp server

Uhm. Testing with HTTP(S) will not help you at all, even when you get it working, it will not keep working when you switch the rule to FTP simply due to how FTP protocol and active/passive modes work.

For FTP, try the FTP proxy plugin, perhaps. TFTP does not handle NAT any better, used some kernel helper module on Linux and was another royal PITA.

July 22, 2024, 06:40:59 AM #4
Agree on that,based on different requirements of the ftp protocol.

FTP/ tftp will mainly being used on the development network to upload/ download the correct software, configurations / reports from/to the devices.

Having multiple http(s) servers with different tasks to be reached on that isolated networks is the 1 st challenge.
So far I am not able to reach the web server which I want to reach using one of the ip aliases.
When I http(s) to the virtual / ip alias I only get to the gui of the firewall it's not correctly forwarded.

July 22, 2024, 07:03:06 AM #5
Sorry Guys , I am in the wrong forum... .
Al my issues are related to the 24.1.x version and not 24.7  sorry for that. Not sure if a moderator can move it to the correct one ?
Print
Go Up Pages1
User actions