Situation:
- LMTools is running on a virtual server in the internal network and is usually connected through the internal network
- LMTools should be accessible through the public IP on the internet
Network:
Internet gateway: LANCOM883; Ports 27000-27009 are forwarded to the external address of the firewall
Firewall: UTM 9; Rule "Any->27000-27009->Server" is permitted; DNAT "Any->27000-27009->External Address to Server" is active
Windows Firewall: deactivated on both PCs and Server
Problem:
When trying to access the Server with the PC located in the internal network, the firewall logs the following traffic:
Firewall rule: PC-IP->WAN-IP: granted
NAT rule: WAN-IP->Firewall-External-IP
Firewall rule: WAN-IP->Server-IP: granted
LMTools is accessible
When trying to access the Server with a PC located outside the internal network:
NAT rule: Outside-WAN-IP->Firewall-External-IP
Firewall rule: Outside-WAN-IP->Server-IP: granted
Firewall logs the same traffic until the PC times out.
LMTools is NOT accessible
Same situation if I try to access the Server from the guest VLAN with just internet access:
Firewall rule: PC-IP->WAN-IP: granted
NAT rule: WAN-IP->Firewall-External-IP
Firewall rule: WAN-IP->Server-IP: granted
LMTools is NOT accessible
Can't find out why the latter doesn't work. If I disable either the FW rule or the DNAT, I also can't connect from the internal network. So the traffic has to pass the FW.