
internal Network can't reach Public IP

Hi all

I recently bought a Sophos SG115w firewall and everything works fine except the following:

I have an internal network 192.168.1.0/24 with fixed IP addresses, and now I have the problem that I can't access the public IP 62.2.208.170 from within the internal network even though I added a rule to allow this (see attachments).

If I do a telnet to the public address or a web access, a timeout occurs.

Same with the web access.

What am I doing wrong?

In the log the access seems OK, but it doesn't work.

 

 



  • Seems your FW rule 19 isn't correct.

    Must be:  internal LAN -> any -> Internet


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Thanks for your replies.

    Here are my interface and NAT config.

  • OK, so edit rule 19: make the source your internal network, the services any or whatever specific ports you want, e.g. ports 80 & 443 for web browsing, then make the destination your WAN.

     

    You can do this by clicking edit on rule 19 and deleting the three entries you have set for source, services & destination.  Then click on the folder in the source part, go to the search bar on the left, and type LAN to find your internal LAN; you can drag and drop it into the source part.  Do the same for services with Any and the same for destination with WAN.

     

    See pic

     

    Respectfully, 

     

    Badrobot

     

  • Also, in order for us to see NAT you need to take another screenshot; it is under Network Protection --> NAT

     

    It is right under the firewall menu option.

    Respectfully, 

     

    Badrobot

     

  • Hallo Elvis and welcome to the UTM Community!

    I'm confused as to why you're trying to reach an IP on the External interface.  Maybe you need Accessing Internal or DMZ Webserver from Internal Network.

    This feels like a routing problem, but let's confirm that by doing #1 in Rulz - was there anything in the Firewall log?

    You will also want to read #3, #4 and #5 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    Hallo Elvis and welcome to the UTM Community!

    I'm confused as to why you're trying to reach an IP on the External interface.  Maybe you need Accessing Internal or DMZ Webserver from Internal Network.

    This feels like a routing problem, but let's confirm that by doing #1 in Rulz - was there anything in the Firewall log?

    You will also want to read #3, #4 and #5 in Rulz.

    Cheers - Bob

     

    Hi Bob

    Thanks for your reply. I will check the suggestions. Yes, in the log the access is shown as allowed. I also think this could be a routing problem, because if I try to access the external address from within the UTM it works (telnet from the shell directly on the FW).

  • Hi Bob and all

    Thanks for the tips; the article with the internal DNS server helped me. That is to say, I put a separate DNS server for the domains / servers (192.168.1.43) within the C-class network 192.168.1.0/24 and it works, meaning I can now reach the servers behind the FW.