DMZ 1:1 NEED HELP DESPERATELY
-
Hello guys, please help me here. I read through miles of blogs and still could not figure out what I am doing wrong.
All my port forwarding works fine. The machine 192.168.2.8 can receive SSH connections, and this machine can go out to the internet.
Q1) However, anything under my DMZ 10.1.1.1 network, which is NATed 1:1, cannot go out. It can ping the gateway 10.1.1.1; however, I cannot ping it from the gateway.
Q2) I can ping the virtual IPs as long as they are not assigned in 1:1 NAT. The moment I assign them, for instance
10.1.1.52 <-- 207.x.x.52 (1:1) NAT, I cannot ping this WAN IP.
Please help!!!
em0 --> WAN 207.x.x.50 GW --> 207.x.X.49
em1 --> LAN 192.168.2.1 /24
em2 --> DMZ 10.1.1.1 /24 GW --> 207.x.X.49

VIRTUAL IP 207.x.x.51 CARP
VIRTUAL IP 207.x.x.52 CARP
VIRTUAL IP 207.x.x.53 CARP
VIRTUAL IP 207.x.x.59 CARP

LAN
ALLOW PROTO=ICMP, SRC=, PORT=, DEST=, PORT=, GATEWAY=,
ALLOW PROTO=TCP/UDP SRC=, PORT=, DEST=, PORT=, GATEWAY=,

WAN
ALLOW PROTO=ICMP, SRC=, PORT=, DEST=, PORT=, GATEWAY=*
ALLOW PROTO=TCP/UDP, SRC=, PORT=, DEST=, PORT=, GATEWAY=*

DMZ (opt)
ALLOW PROTO=ICMP, SRC=, PORT=, DEST=, PORT=, GATEWAY=*
ALLOW PROTO=TCP/UDP, SRC=, PORT=, DEST=, PORT=, GATEWAY=*
ALLOW PROTO=TCP/UDP, SRC=207.x.x.59, PORT=, DEST=10.1.1.52, PORT=, GATEWAY=*
ALLOW PROTO=TCP/UDP, SRC=, PORT=, DEST=10.1.1.52, PORT=80, GATEWAY=*

FIREWALL: NAT: PORT FORWARD
IF=WAN, PROTO=TCP/UDP, EXT. PORT RANGE= 22(SSH), NAT IP= 192.168.2.8 (EXT.:207.47.125.51), INT. PORT RANGE=22(SSH)

1:1
INTERFACE=WAN, EXTERNAL IP= 207.x.X.58 /32, INTERNAL IP=10.1.1.52/32

OUTBOUND
AUTOMATIC OUTBOUND NAT RULE GENERATION (IPSEC PASSTHROUGH)
[#] MANUAL OUTBOUND NAT RULE GENERATION (ADVANCED OUTBOUND NAT (AON))
INTERFACE=WAN, SRC=192.168.2.0/24, SRC PORT=, DESTINATION PORT=, NAT ADDRESS=207.X.X.51, NAT PORT=*, STATIC PORT=NO
-
Probably you just need to add outgoing NAT:
INTERFACE=WAN, SRC=10.1.1.0/24, SRC PORT=, DESTINATION PORT=, NAT ADDRESS=207.X.X.51, NAT PORT=*, STATIC PORT=NO
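
An added illustration, not part of the thread and not pfSense code: a small Python model of which source addresses get translated on WAN under manual outbound NAT, run against the posted rule set and against the rule set with the suggested DMZ entry. The 203.0.113.x addresses are constructed stand-ins for the masked 207.x.x.x ones, the function names are hypothetical, and the model assumes that 1:1 mappings are checked before outbound rules and that manual mode adds no implicit rules.

```python
import ipaddress

# Constructed stand-ins: 203.0.113.x replaces the masked 207.x.x.x addresses.
INTERNAL_NETS = {
    "LAN": ipaddress.ip_network("192.168.2.0/24"),
    "DMZ": ipaddress.ip_network("10.1.1.0/24"),
}
# 1:1 NAT entry on WAN from the config listing: internal host -> external address.
ONE_TO_ONE = {ipaddress.ip_address("10.1.1.52"): ipaddress.ip_address("203.0.113.58")}
# Manual outbound NAT rules as posted: only the LAN subnet has one.
OUTBOUND_AS_POSTED = [
    (ipaddress.ip_network("192.168.2.0/24"), ipaddress.ip_address("203.0.113.51")),
]
# The rule proposed in the reply, appended to the posted set.
OUTBOUND_WITH_DMZ = OUTBOUND_AS_POSTED + [
    (ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_address("203.0.113.51")),
]


def egress_address(src, one_to_one, outbound_rules):
    """Return the WAN-side source address for src, or None if untranslated.

    Assumption: 1:1 mappings are checked first, then outbound rules in order
    (first match wins); manual mode adds no implicit rules.
    """
    src = ipaddress.ip_address(src)
    if src in one_to_one:
        return one_to_one[src]
    for network, nat_address in outbound_rules:
        if src in network:
            return nat_address
    return None


def untranslated_networks(internal_nets, outbound_rules):
    """List interface names whose subnet no outbound rule fully covers."""
    missing = []
    for name, net in internal_nets.items():
        if not any(net.subnet_of(rule_net) for rule_net, _ in outbound_rules):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for label, rules in (("as posted", OUTBOUND_AS_POSTED), ("with DMZ rule", OUTBOUND_WITH_DMZ)):
        print(label, "-> uncovered:", untranslated_networks(INTERNAL_NETS, rules))
        for host in ("192.168.2.8", "10.1.1.52", "10.1.1.60"):
            print("   ", host, "->", egress_address(host, ONE_TO_ONE, rules))
```

A `None` result means the packet would leave WAN with its private source address, so replies from the internet have nowhere to return to.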