
Access through additional addresses to port 22 and public a web page

Hi all,
I have a problem that I cannot resolve.

NOTE: My infrastructure is in Amazon AWS; maybe the problem is there. But I don't understand why I can't connect to my webserver.

I have one additional address in my UTM configuration, because I need to publish a web page.

I created my additional address in:

Interfaces & Routing -> Additional addresses

Name:            My-public-additional-address
On interface:    external
IPv4 address:    56.55.xx.xx
Netmask:         /32
Comment:


Then, I created a virtual webserver and a real webserver:

Real webserver:

Name:    My-real-web-server
Host:    172.66.77.43
Type:    http
Port:    80

Virtual webserver:

Name:            my-virtual-name-server
Interface:       My-public-address
Type:            http
Port:            80
Domains:         My DNS domain
Real webserver:  My-real-web-server

I would like access to port 22 on the web server too, so I configured a DNAT in my firewall:

DNAT:

For traffic from:           Any
Using service:              Any
Going to:                   External [My-public-additional-address] (Address)
Change the destination to:  172.66.77.43

The problem is, when I try to access my web page or my SSH service, I can see in a tcpdump that the packets go out of my host but never come back.

13:51:35.427558 IP 192.168.0.8.34529 > 56.55.xx.xx.22: Flags [S], seq 3112542583, win 29200, options [mss 1460,sackOK,TS val 4630208 ecr 0,nop,wscale 7], length 0
E..<.h@.@.......4..[.......w......r............
.F..........


When I checked the firewall log, I can see packets allowed to my public IP:

14:16:24  Packet filter rule #4  TCP  172.66.77.43 : 22  →  My public IP : 34709  [ACK SYN]  len=60  ttl=63  tos=0x00  srcmac=02:4f:9d:0f:c5:3d  dstmac=02:94:ad:f2:1c:a5

Could anyone help me please?
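A small log-correlation script, added here as an example (it is not from the original post and not Sophos code): it parses UTM firewall log lines in the layout shown above, flattened onto one line, pairs each logged inbound initial packet (the NAT rule line you get with 'Log initial packets') with the SYN-ACK the real server sends back through the UTM, and reports flows where only one half is seen. The addresses 203.0.113.5 and 198.51.100.7 and the sample lines are constructed for the example; the regex approximates the web-UI rendering, not the raw syslog format.

```python
import re
from collections import defaultdict

# One-line form of the UTM log rendering shown in the thread. The field order
# comes from the page; the pattern itself is an assumption for this example.
LOG_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<kind>NAT|Packet filter) rule #(?P<rule>\d+)\s+"
    r"(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[0-9.]+)\s*:\s*(?P<sport>\d+)\s*(?:→|->)\s*"
    r"(?P<dst>[0-9.]+)\s*:\s*(?P<dport>\d+)"
    r"(?:\s+\[(?P<flags>[A-Z ]+)\])?"
)

# Constructed sample: an external client whose SYN is logged by the DNAT rule
# and answered, plus a SYN-ACK for which no inbound initial packet was logged.
SAMPLE_LOG = """\
20:50:00 NAT rule #4 TCP 203.0.113.5 : 48108 → 172.66.77.43 : 22
20:50:00 Packet filter rule #4 TCP 172.66.77.43 : 22 → 203.0.113.5 : 48108 [ACK SYN] len=60 ttl=63
14:16:24 Packet filter rule #4 TCP 172.66.77.43 : 22 → 198.51.100.7 : 34709 [ACK SYN] len=60 ttl=63
some unrelated UI text that should be skipped
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = set((rec["flags"] or "").split())
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def flow_key(rec):
    """Normalise a record to (client, cport, server, sport) plus its direction.

    A SYN-ACK travels server -> client; a NAT-rule line (initial packet) or a
    plain SYN travels client -> server. Other packets are ignored here.
    """
    flags = rec["flags"]
    if "SYN" in flags and "ACK" in flags:
        return (rec["dst"], rec["dport"], rec["src"], rec["sport"]), "synack"
    if rec["kind"] == "NAT" or "SYN" in flags:
        return (rec["src"], rec["sport"], rec["dst"], rec["dport"]), "syn"
    return None, None


def correlate(lines):
    """Group log lines into flows and record which directions were seen."""
    flows = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key, direction = flow_key(rec)
        if key is not None:
            flows[key].add(direction)
    return dict(flows)


STATUS = {
    frozenset({"syn", "synack"}): "complete",   # SYN forwarded, reply sent back
    frozenset({"syn"}): "no_reply",             # SYN forwarded, real server never answered via UTM
    frozenset({"synack"}): "reply_only",        # reply sent, but no inbound initial packet logged
}


def classify(flows):
    """Map each flow key to one of the STATUS labels."""
    return {key: STATUS[frozenset(seen)] for key, seen in flows.items()}


def report(log_text):
    """Human-readable summary; returns the classification for further checks."""
    result = classify(correlate(log_text.splitlines()))
    for (client, cport, server, sport), status in sorted(result.items()):
        print(f"{client}:{cport} -> {server}:{sport}  {status}")
    return result


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

A flow reported as reply_only means the UTM is emitting a SYN-ACK for a connection whose inbound SYN it never logged; that is exactly the situation the reply below asks about, and the first thing to check is whether 'Log initial packets' is enabled on the DNAT rule before concluding anything about the path back to the client.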

  • Two Questions:

    You have added the 56.55.xx.xx address to your external interface. Is this address given to you by Amazon, or is it traceroutable to you?

    If you check the 'Log Initial packets' in your NAT rule, do they appear in your firewall log?

    For instance:

    20:50:00 NAT rule #4 TCP <some external address> : 48108  → 172.66.77.43 : 22

    If not, then the external traffic probably does not reach your UTM in the first place (hence the first question).
