Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Winroute Mapping Bug ?
  •  
BlueBg

Messages: 11
Karma: 0
Send a private message to this user
Winroute Mapping Bug ?

i have 3 pcs to test Winroute Mapping

the 1st is the internet gateway :"192.168.0.1"and "x.x.x.x" --map ftp to "192.168.0.123".
the 2nd is the lan gateway :"192.168.0.123"and"192.168.1.1"--map ftp to "192.168.1.2" ,its

gateway is "192.168.0.1".
the 3rd is the workstation "192.168.1.2"--ftp is only running on machine,its gateway is

"192.168.1.1"

i told my friend my ftp ,he can access my ftp from internet .

1.on my ist pc i can access my ftp with this line "ftp 192.168.0.123" ,but "ftp x.x.x.x" or "ftp

192.168.0.1" is failed
2.on my 2nd pc i can access my ftp with this "ftp 192.168.1.2" ,but "ftp x.x.x.x" or "ftp

192.168.0.1"or "ftp 192.168.0.123" or "ftp 192.168.1.1" is failed.
3.on my 3rd pc ,the same as the 2nd -"ftp 192.168.1.2" is ok and "ftp 192.168.1.1" is failed.

i have tried winroute firewall 5.1.10 and winroute pro 4.25.
also ,i have tried PortTunnel,i find PortTunnel haven't this bug.
if you use PortTunnel ,you can access as "ftp 192.168.0.123" from my 2nd pc.

oh winroute mapping can access only from out of lan ?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
BlueBg wrote on Wed, 24 March 2004 16:20

Winroute Mapping Bug ?

i have 3 pcs to test Winroute Mapping

the 1st is the internet gateway :"192.168.0.1"and "x.x.x.x" --map ftp to "192.168.0.123".
the 2nd is the lan gateway :"192.168.0.123"and"192.168.1.1"--map ftp to "192.168.1.2" ,its

gateway is "192.168.0.1".
the 3rd is the workstation "192.168.1.2"--ftp is only running on machine,its gateway is

"192.168.1.1"

i told my friend my ftp ,he can access my ftp from internet .

1.on my ist pc i can access my ftp with this line "ftp 192.168.0.123" ,but "ftp x.x.x.x" or "ftp
192.168.0.1" is failed
2.on my 2nd pc i can access my ftp with this "ftp 192.168.1.2" ,but "ftp x.x.x.x" or "ftp

192.168.0.1"or "ftp 192.168.0.123" or "ftp 192.168.1.1" is failed.
3.on my 3rd pc ,the same as the 2nd -"ftp 192.168.1.2" is ok and "ftp 192.168.1.1" is failed.

i have tried winroute firewall 5.1.10 and winroute pro 4.25.
also ,i have tried PortTunnel,i find PortTunnel haven't this bug.
if you use PortTunnel ,you can access as "ftp 192.168.0.123" from my 2nd pc.

oh winroute mapping can access only from out of lan ?


That's right. This can't work ever. The portmapping works only on external (outgoing) interface. Although you create a proper traffic rules, the TCP flow will be divided into two directions (because you want to route from one interface to the same one). The firewall operating system will generate a lot of ICMP messages. This is a violation of 3-way TCP handshake which KWF controls.

The portmapping faature allows to publish server from the internal network to the Internet. It does not do generic port tunnelling.
  •  
BlueBg

Messages: 11
Karma: 0
Send a private message to this user
The portmapping works only on external (outgoing) interface


-->i see . thx.
  •  
BlueBg

Messages: 11
Karma: 0
Send a private message to this user
if i want accesss my ftp use "ftp jack998.vicp.net" from LAN, i'm sure that "jack998.vicp.net" is point to my gateway from internet ,and i map ftp to "192.168.0.123" which ftp is running on .

how should i do for my LAN access ?
create a domain for my LAN on my gateway?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
BlueBg wrote on Thu, 25 March 2004 08:10

if i want accesss my ftp use "ftp jack998.vicp.net" from LAN, i'm sure that "jack998.vicp.net" is point to my gateway from internet ,and i map ftp to "192.168.0.123" which ftp is running on .

how should i do for my LAN access ?
create a domain for my LAN on my gateway?


The easiest way is to add a new entry into hosts file at firewall:
192.168.0.123 jack998.vicp.net

(or into your local DNS server if you don't use DNS forwarder in KWF).
Then all local users will resolve this name as IP address from the local network.
  •  
BlueBg

Messages: 11
Karma: 0
Send a private message to this user
thx !

now i can use a same domain name for all my clients --internet and lan .

though i cann't use internet ip for my lan access .
Previous Topic: Yahoo Messenger & KWF
Next Topic: KFW 5.1.10 & Win98 - unexpected shutdown
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 12:20:12 CET 2017

Total time taken to generate the page: 0.00406 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.