SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2020-07-05 18:05 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0004129 | Endian Firewall | Firewall (iptables) | public | 2011-08-24 17:55 | 2011-11-04 16:43 | ||||||
| Reporter | rodrigodc01 | ||||||||||
| Assigned To | |||||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||||
| Status | feedback | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.4.1 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0004129: PortForward form Red IP to computer in the Green Interface does not work | ||||||||||
| Description | Creating portforward rules to on any port to any ip in the network simply does not work at all Situation # Incoming IP Service Policy Translate to Remark Actions 1 189.90.55.66 (Uplink main) TCP/80 ALLOW with IPS 172.16.1.81 : 80 SERVIDOR WEB The outgoing firewall is working fine, just the portforward with nat that is not working. | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files |  Snap1.jpg [^] (129,111 bytes) 2011-08-24 17:55
| ||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0007336) baldy (reporter) 2011-08-24 17:59 |
Hi rodrigo, Just tested with the IP you have on the external site and I get a html page with It works! If you are trying to access the webserver from green thru red and back to green again, this does not work. Regards, Klaas-Jan |
|
(0007337) rodrigodc01 (reporter) 2011-08-24 18:17 |
Ahhh got it !! Just a little something is there any way to erase the ip from my post ? Dont wanna leave there cause of security concerns |
|
(0007338) rodrigodc01 (reporter) 2011-08-24 18:22 edited on: 2011-08-24 18:27 |
Well since u got the ip already, i got say its quite strange i tried to access from 3G on my cell and it does not work, then i tried a vpn and still no luck.... Im loosing my mind over this... |
|
(0007339) baldy (reporter) 2011-08-24 18:33 |
Just checked again from the system it worked from and now I can't connect to the webserver. Same from my phone. Can you setup the firewall without IPS ? Regards, Klaas-Jan |
|
(0007340) rodrigodc01 (reporter) 2011-08-24 18:36 |
Well i tried again using a external vpn with no luck, i just disabled the IPS on the rule, lets see if it works now for u at least |
|
(0007341) baldy (reporter) 2011-08-24 18:52 |
Still no go. Can you recreate the rule with <ANY Uplink> ? Can you also create a rule for TCP port 81 to your internal IP port 80 ? This may help determining the source of the problem. I am supporting around 15 EFW's and have no problems whatsoever with forwarding port 80, also no issues on the bug forum. Regards, Klaas-Jan |
|
(0007342) rodrigodc01 (reporter) 2011-08-24 18:55 |
Hey thanks for the help ! so here are the new rules # Incoming IP Service Policy Translate to Remark Actions 1 Uplink ANY TCP/80 ALLOW 172.16.1.81 : 80 SERVIDOR WEB ALLOW from: <ANY> 2 Uplink ANY TCP+UDP/81 ALLOW 172.16.1.81 : 81 WEB2 ALLOW from: <ANY> |
|
(0007343) baldy (reporter) 2011-08-24 18:59 |
Can you modify the second rule so the internal port is 80 ? |
|
(0007344) rodrigodc01 (reporter) 2011-08-24 19:01 |
Done, # Incoming IP Service Policy Translate to Remark Actions 1 Uplink ANY TCP/80 ALLOW 172.16.1.81 : 80 SERVIDOR WEB ALLOW from: <ANY> 2 Uplink ANY TCP+UDP/81 ALLOW 172.16.1.81 : 80 WEB2 ALLOW from: <ANY> Still no luck here |
|
(0007345) baldy (reporter) 2011-08-24 19:05 |
Can you temporarily disable the outgoing firewall ? |
|
(0007346) rodrigodc01 (reporter) 2011-08-24 19:15 |
Yes, just did that, but it seen to have no effect |
|
(0007347) baldy (reporter) 2011-08-24 19:23 |
Can you internally access the server ? Also please enable logging on the firewall rule and check for traffic from 77.251.247.241 and what happens to the packets. If you see activity from my IP copy and paste the firewall log entries. Logs can be viewed using the logs option on the right. Do not use the Live log viewer, just use the normal one. Regards, Klaas-Jan |
|
(0007348) rodrigodc01 (reporter) 2011-08-24 19:28 |
Yes the server is available for the internal network, heres the log Aug 24 16:20:36 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5724 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:35 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5721 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:35 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5722 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:29 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5724 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:29 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5721 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:29 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5722 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:27 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5724 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:27 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5722 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:20:27 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 5721 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:17:23 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 54295 e4:1f:13:93:44:94 172.16.1.81 80 Aug 24 16:17:23 PORTFWACCESS:ACCEPT:1 eth1 TCP 77.251.247.241 54294 e4:1f:13:93:44:94 172.16.1.81 80 |
|
(0007349) baldy (reporter) 2011-08-24 19:34 |
Hi Rodrigo, The logs show that the packets are acccepted and forwarded. Any ip restrictions on the webserver ? Also are there logs on the webserver you can check ? Is the webserver itself also using the EFW box as gateway ? Regards, Klaas-Jan |
|
(0007350) rodrigodc01 (reporter) 2011-08-24 19:38 |
Hello, so theres no restrictions on the webserver, but the portfw also does not work with RDP ( port 3389 to a server 2008 in the nerwork) Gonna check the webserver logs . And the webserver is using the EFW box as a gateway indeed. |
|
(0007351) baldy (reporter) 2011-08-24 19:59 |
have you changed anything ? I can connect from 2 different ip's and my android phone. Regards, Klaas-Jan |
|
(0007352) rodrigodc01 (reporter) 2011-08-24 23:23 |
Hey Klass-Jan, sorry i had to go for some time, well i deleted all the portfw rules and created a new one # Incoming IP Service Policy Translate to Remark Actions 1 Uplink ANY TCP+UDP/80 ALLOW with IPS 172.16.1.81 : 80 WEB ALLOW with IPS from: <ANY> Its the same thing as the ones we had before but now it seens to work, i made no changes to the outgoing firewall or anything else Gonna try other rules to see with it still works, thanks a lot for all you help !!! * On a note this portfw problem seen to happen only when your turn on the proxy, cause on another endian box i got portfw working without a problem |
|
(0007383) baldy (reporter) 2011-09-05 11:49 |
Hi rodrigo, Are you using the transparent proxy ? Regards, Klaas-Jan |
|
(0007528) rodrigodc01 (reporter) 2011-11-04 16:43 |
Hello, I had to redo everything and then I forgot to check back here, anyways out of nothing the portforward started working again. But im still trying to find a relation with the activation of the proxy. Thanks for everything. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-08-24 17:55 | rodrigodc01 | New Issue | |
| 2011-08-24 17:55 | rodrigodc01 | File Added: Snap1.jpg | |
| 2011-08-24 17:59 | baldy | Note Added: 0007336 | |
| 2011-08-24 18:17 | rodrigodc01 | Note Added: 0007337 | |
| 2011-08-24 18:17 | rodrigodc01 | Status | new => feedback |
| 2011-08-24 18:22 | rodrigodc01 | Note Added: 0007338 | |
| 2011-08-24 18:27 | rodrigodc01 | Note Edited: 0007338 | |
| 2011-08-24 18:33 | baldy | Note Added: 0007339 | |
| 2011-08-24 18:36 | rodrigodc01 | Note Added: 0007340 | |
| 2011-08-24 18:52 | baldy | Note Added: 0007341 | |
| 2011-08-24 18:55 | rodrigodc01 | Note Added: 0007342 | |
| 2011-08-24 18:59 | baldy | Note Added: 0007343 | |
| 2011-08-24 19:01 | rodrigodc01 | Note Added: 0007344 | |
| 2011-08-24 19:05 | baldy | Note Added: 0007345 | |
| 2011-08-24 19:15 | rodrigodc01 | Note Added: 0007346 | |
| 2011-08-24 19:23 | baldy | Note Added: 0007347 | |
| 2011-08-24 19:28 | rodrigodc01 | Note Added: 0007348 | |
| 2011-08-24 19:34 | baldy | Note Added: 0007349 | |
| 2011-08-24 19:38 | rodrigodc01 | Note Added: 0007350 | |
| 2011-08-24 19:59 | baldy | Note Added: 0007351 | |
| 2011-08-24 23:23 | rodrigodc01 | Note Added: 0007352 | |
| 2011-09-05 11:49 | baldy | Note Added: 0007383 | |
| 2011-11-04 16:43 | rodrigodc01 | Note Added: 0007528 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |