Firewall & forwarding

Jesse7 · Nov 24, 2005, 12:45 AM

But you can acess it via the external IP from inside your lan? But if you use someone else net connection you can't?

Might be something to do with that reflection option that was added recently try turn that off, turning it off will probably have the oposite effect what I just typed above. Or it may just stop you acessing it from you LAN.

OK so you have edited your post to make it more clear .. glad I noticed and didn't just reply blindly.

Cyrandir · Nov 24, 2005, 12:49 AM

I'm certainly willing to try it, I've been beating my head against this for a couple of days now. I'll be back in a bit with the results.

Cyrandir · Nov 24, 2005, 1:07 AM

I think I got it turned off an no joy. Is there more than one place to turn this feature off? Or does anyone have any other ideas?

Jesse7 · Nov 24, 2005, 1:17 AM

Can you post your rules?

Oh also can you confirm you are not able to access it from a seperate Net connection that has nothing to do with your pf/wan/lan setup.

Jesse7 · Nov 24, 2005, 1:20 AM

@Cyrandir:

I think I got it turned off an no joy. Is there more than one place to turn this feature off? Or does anyone have any other ideas?

Out of curiousity when you turned off that feature, could you still acess via your external IP from your LAN?

hoba · Nov 24, 2005, 1:53 AM

First delete the rule you created for the webserver and the nat entry. Then start over again. Go to Firewall>NAT and add a port forward.

Interface: WAN
External Adress: Interface Adress
Protocol: TCP
External Portrange: HTTP
NAT IP: <lan ip="" of="" your="" webserver="">Local Port: 80
Description: whatever you like

Auto add a firewall rule <–---------------------this is important. it will create the correct rule for you. You can create it manually but why if it does it automagically. Less to do wrong ;-)

Save and apply. You should be up now. If not check if your DynDNS resolves to the correct WAN IP.</lan>

Cyrandir · Nov 24, 2005, 2:43 AM

Jessie7: No I was not able to see things from the external IP. The reflect thing seems to be working properly.

Hoba: That is exactly how I created things the first time. I'll try it again from scratch though.

Cyrandir · Nov 24, 2005, 2:55 AM

Guess I should have mentioned this earlier, but I'm running a ventrilo server from the same machine and the NAT/rules created seem to be doing their job. I and others can connect via external IP and by DNS name without any problems. Other than the port numbers the rules etc are identical, but not working for port 80. I'm heading off now to rebuild the rules from scratch. Wish me luck.

Cyrandir · Nov 24, 2005, 6:55 AM

Upon much further investigation. I've found that my ISP blocks incoming connections on port 80, along with many other common alternatives, such as 1080 and 8080. I guess I'll just have to set it up for another port. In the end, I can only be glad it wasn't a configuration error on my part, and I'm not going mad. Thank you everyone for your help.

Cyrandir · Nov 24, 2005, 7:16 AM

Final update, I got it to work by switching to external port 6360, randomly picked off a chart of assigned ports. If anyone has similar problems, feel free to PM me and I'll help you through it. Thanks again everyone!