Again problem forwarding???

Goran
OK. Look at the picture...
You can see that I have two WAN IP addresses and they are not static.

When I am in the home network trying to reach the HTTP server and I type:
http://93.138.233.176 --> I get the message TIME OUT
and when I try the other one
http://78.1.145.129
I get access to the web page normally.

And my DNS server name is "server.ss", so when I try to get:
http://server.ss I get TIME OUT
I see in the log that I'm forwarded to the other server:
.... -> 192.168.0.2:80 [Duration] 89 sec [Bytes] 156/0/156 [Packets] 3/0/3
[Packets] 3/0/3 --> this does not look good.
There is nothing in the filter log. Everything works well but it doesn't want to forward.

And then I made a web server on the "server.ss" machine but on port 82
and when I type:
http://93.138.233.176:82 --> page is open
http://78.1.145.129:82 --> page is open
http://server.ss:82 --> page is open

I don't get why that is happening, and the same thing is happening to clients who want to get access from the WAN network.
This thing is starting to drive me crazy...
I tried restarting Kerio, reconnecting, etc...
but sometimes it just doesn't want to work.

And one more thing...
Access from the external network (when it works) works for other ISPs, but when someone tries to get in from the same ISP that I am using,
he can't get in: TIME OUT.
I see in the log that he tries to connect but he gets a time out... He didn't get my answer!!!
ANTI-SPOOFING is DISABLED, and still the same problem.


Is the problem in forwarding or what?
I'm really going crazy from that.

I will be glad to give you all the information you need to fix this.

Thanks,

  • Attachment: Kerio1.png
    (Size: 53.19KB, Downloaded 525 times)

[Updated on: Fri, 15 October 2010 20:07]


Question cannot be stupid, but some of the answers can.
ICT and Me
Goran,

First thing: Use the group name "internet interfaces" within the rule. Replace ANY with that.
Port forwarding isn't needed, because the only protocol you allow is HTTP (port 80).

And make a rule that allows the internal IP to go to the internet interfaces.

I have tried just now to connect to your IPs, but only the primary is responding. So we need to know how the rules are made.
I think there are some rules working against one another.

Take a good look at the rules.

And a piece of advice. Let your webmail go only by HTTPS (443).
Then it's secure.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
Goran
Thanks for the quick reply...
OK, I changed ANY to internet. And now I can't get in from the WAN IP address, but whatever...
Thanks for the 443 but it's whatever. You see my IP now and never again LOL
Sorry, some rules are there twice...
Hmm, rules, huh, OK... Sorry, I needed to delete some words etc... But all the rules are there.

  • Attachment: KerioRule.jpg
    (Size: 145.24KB, Downloaded 489 times)

[Updated on: Fri, 15 October 2010 21:31]


Question cannot be stupid, but some of the answers can.
Goran
Oh yeah, and there is still the problem that sometimes clients from the same ISP can't connect.

Question cannot be stupid, but some of the answers can.
ICT and Me
Goran,

Why have you made so many rules?
What's the meaning of all those rules?
When you set up your Kerio Control, was that done with a drawing of the network?
Or better said, do you have a network drawing, like MS-Visio for example?

Because I think that your problem still is within your rules.

I always make a drawing before I make rules.
And write down which service/server goes which way to the internet, DMZ, WLAN or LANs.
To get it clear.
Because creating rules on the fly can make other rules obsolete.

And where does {domain}.ss come from? Which country is that?
I can't find it.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
Goran
Of course you can't find that (.ss)... This is my internal (home) domain.
Why so many rules? Because I need them; as you see, I have plenty of servers up for gaming and programming.
And how can something be wrong if it is written
internet -> Firewall port:80 map to 192.168.0.2:80 (server) --> and this SOMETIMES works, sometimes not.
I see in the log (example)
User..> 192.168.0.2:80 [Duration] 89 sec [Bytes] 156/0/156 [Packets] 3/0/3
So I see that he is connected and mapped but the bytes are going nowhere. And the client gets a time out.
I don't use Kerio DNS, I don't use Kerio DHCP, but with or without them the same problem happens.
No, I didn't draw my network.
It is simple: you have two internet connections and two outgoing NICs, one for files, the second for internet (NAT) and clients.
Some IP addresses from the USA and Russia are on the Drop List. Some clients use the slowest internet connection and some rules are off because I need them from time to time (like all clients go on the slow internet connection), etc...
When it is "Gaming time", YouTube is put on the slower connection, and I just don't know where the problem in the rules can be?

Thanks for helping me, ictandme

Question cannot be stupid, but some of the answers can.
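Added example, not part of the thread or of Kerio's own tooling: a small parser for the connection-log fragments quoted in the posts above that counts, per destination, the connections where packets were forwarded but none came back. It assumes the three values in [Bytes] and [Packets] are sent/received/total, which the thread does not state; the port 82 line is constructed for contrast.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Only the tail of each log line survives in the posts, so only that is parsed.
TAIL_RE = re.compile(
    r"(?P<dst>[\w.\-]+):(?P<port>\d+)\s+\[Duration\]\s+(?P<dur>\d+)\s+sec\s+"
    r"\[Bytes\]\s+(?P<b>\d+/\d+/\d+)\s+\[Packets\]\s+(?P<p>\d+/\d+/\d+)"
)

class Flow(NamedTuple):
    dst: str
    port: int
    duration_s: int
    bytes_tx: int
    bytes_rx: int
    pkts_tx: int
    pkts_rx: int

def parse(line: str) -> Optional[Flow]:
    m = TAIL_RE.search(line)
    if m is None:
        return None
    b_tx, b_rx, b_tot = map(int, m["b"].split("/"))
    p_tx, p_rx, p_tot = map(int, m["p"].split("/"))
    # Assumption check: if the third value is not the sum, the field order is wrong.
    if b_tx + b_rx != b_tot or p_tx + p_rx != p_tot:
        raise ValueError("counters are not sent/received/total: " + line)
    return Flow(m["dst"], int(m["port"]), int(m["dur"]), b_tx, b_rx, p_tx, p_rx)

def classify(flow: Flow) -> str:
    # Rule matched and packets were mapped to the server, but nothing returned.
    return "no-reply" if flow.pkts_tx > 0 and flow.pkts_rx == 0 else "answered"

def unanswered_by_destination(lines):
    counts = Counter()
    for flow in filter(None, map(parse, lines)):
        if classify(flow) == "no-reply":
            counts[(flow.dst, flow.port)] += 1
    return dict(counts)

SAMPLE = [
    # the two fragments quoted in the thread
    ".... -> 192.168.0.2:80 [Duration] 89 sec [Bytes] 156/0/156 [Packets] 3/0/3",
    "User..> 192.168.0.2:80 [Duration] 89 sec [Bytes] 156/0/156 [Packets] 3/0/3",
    # constructed line for the port 82 case that worked
    ".... -> 192.168.0.2:82 [Duration] 4 sec [Bytes] 412/1830/2242 [Packets] 5/6/11",
]

if __name__ == "__main__":
    print(unanswered_by_destination(SAMPLE))
```

A destination that appears here while the same server answers on another port points at the return path or the service on that port rather than at the mapping rule itself, since the rule evidently matched.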