Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Port translation Firewall -> Firewall
  •  
whawes

Messages: 6
Karma: 0
Send a private message to this user
There was an earlier thread in this forum about port translation for pop3 traffic originating within the lan and going to the external address of a mail server. The person in question was able to redirect users to the internal address of the mail server using the following rule.

Source: Internal NIC
Destination: Firewall
Service: POP3
Action: Allow
Translation: Source NAT to Internal NIC as well as Destination NAT to internal IP of mail server.

I am trying to do something similar but with HTTP traffic and a web server instead of POP3. I have the relevant rule set up and clients on the lan who enter the external ip of the web server into a web browser are redirected to the internal address correctly. However, when entering the external address into a browser on the firewall host, I get a dns "not found" error. I have tried adding "Firewall", the external NIC and the ip 127.0.0.1 into the Source column, but it makes no difference. Is there any way to get this working?

TIA,

Will
  •  
gert

Messages: 16
Karma: 0
Send a private message to this user
Not really a reply for your problem, more a suggestion for a workaround.

You could set up KWF as the DNS server for your LAN and in the "hosts" file on your KWF machine specify the internal IP address for the webserver DNS.

Might not be suitable for your network or your particular situation, but it's a suggestion.

Gert
  •  
whawes

Messages: 6
Karma: 0
Send a private message to this user
Hi Gert,

Thanks for your reply. I am aware of the hosts workaround, I'm just hoping not to have to maintain a hosts file on every client if I can help it.

Until I saw the post the other day about POP3 access within the LAN, I did not think that was possible using WinRoute. So I am hopeful that someone may be able to suggest a rule that allows WinRoute to solve this particular problem too.

Regards

Will
  •  
gert

Messages: 16
Karma: 0
Send a private message to this user
The "hosts" workaround is not as bad as it sounds. The idea is to use KWF as the DNS server for all your LAN clients. That way you only need to maintain the "hosts" file on the KWF machine.

Gert
  •  
Jeff Wadlow (Kerio)

Messages: 193
Karma: 6
Send a private message to this user
Right click in Traffic Policy and click on Modify Columns. Add Protocol Inspector to the list of visible columns. In your redirect rule for port 80, set the protocol inspector to 'none'. See if that fixes your problem. It might be the HTTP protocol inspector that is causing the problem.
  •  
whawes

Messages: 6
Karma: 0
Send a private message to this user
Good point about the hosts workaround, I had overlooked the fact that you don't need multiple hosts files. That should work OK.

I am still curious as to whether the same thing can be achieved with a rule however. I have tried the Protocol Inspector setting mentioned but this made no difference.

Regards

Will
Previous Topic: Logon through Admin Console 6
Next Topic: FTP Interal error??
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 03:28:55 CET 2017

Total time taken to generate the page: 0.00452 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.