Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 2399 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

understand traffic from realwebserver to outside

jcotonou
Hello
i use this config in intranet environnement.
could you help to understand why traffic is rejected by waf.
i have :
 
real1(2.2.2.2) http  -----> Virtual(3.3.3.4)   and nfs_server(3.3.3.3)
                       +
          NFS_share( mount 3.3.3.3:/remote/export .....)




ping from real1  to nsfserver  : OK
http(3.3.3.4)  : i get cannot access page 

i have not set DNAT OR NAT :
i set allow access for virt (3.3.3.4)  on my nfs_server

Question :
what is the IP address for NFS trafic from real1 to nfs_server ?
NFSclient use virtual ip to access share server ?

 Thanks


This thread was automatically locked due to age.
Parents
  • 0
    A Virtual Server only handles HTTP or HTTPS.  It won't forward pings, nor will it handle the TCP/UDP ports needed for NFS.

    You can do those things with a DNAT, but be careful to NOT include HTTP/S in the DNAT because of what I call Rule #2:

    In general, a packet arriving at an interface is handled only by one of the following, in order:
    DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    A Virtual Server only handles HTTP or HTTPS.  It won't forward pings, nor will it handle the TCP/UDP ports needed for NFS.

    You can do those things with a DNAT, but be careful to NOT include HTTP/S in the DNAT because of what I call Rule #2:

    In general, a packet arriving at an interface is handled only by one of the following, in order:
    DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML