Run Web Server Behind Firewall
  •  
Dilson

Messages: 3
Karma: 0
Hi!

I have a small network setup with 3 servers with 1 of them running the firewall (also the Gateway to the Network).

I have 2 NICs on the Firewall Server, with one linking to the DSL router, which has a static IP from the ISP, and the other NIC linking to the LAN. All internal IPs start in the range of 192.168.x.x, and the 2nd NIC is on 10.0.x.x, linking to the DSL Router.

Internet access works perfectly fine. I am running a Web Server using IIS 6 on one of the internal servers. I can view the website using the internal IP.
On the DSL Router I have created a NAT rule to forward all packets arriving at port 80 to the outside interface of the Firewall.
On the firewall I have created a Traffic Policy to forward all packets arriving at the outside interface of the firewall (INTERNET) to the Webserver on the LAN. I am unable to access the website from outside. Am I doing something wrong? Can someone help me?

The rule defined is

Name: IIS Rule
Source: INTERNET (Outside Interface on the Firewall Server)
Destination: ANY
Service: HTTP
Action: Permit
Log: C P
Translation: None
Valid on: Always
Protocol Inspector: None

  •  
feite

Messages: 523
Karma: 0
name: webservice lan (server is in lan)
source: internet (interface connected to ...)
dest: firewall
service: http, https
action: allow
logging: packet (if debugging - see filter log)
translation: map (ip of webserver)
protocol inspector: default
  •  
Dilson

Messages: 3
Karma: 0
Thanks feite,

I shall try it and post further results.

Dilson
  •  
Dilson

Messages: 3
Karma: 0
Thanks,

That helped me solve my problem and sorry for the delay.

Regards,
  •  
danoli

Messages: 41
Karma: 0
Dilson wrote on Wed, 18 May 2005 12:46


On the DSL Router I have created a NAT rule to forward all packets arriving at port 80 to the outside interface of the Firewall.
On the firewall I have created a Traffic Policy to forward all packets arriving at the outside interface of the firewall (INTERNET) to the Webserver on the LAN. I am unable to access the website from outside. Am I doing something wrong? Can someone help me?


Not sure if I have the wrong idea here but I would assume that you forward ALL ports on the DSL router to the firewall and from there manage the security of your network. The way you have it is giving you two points of management. Effectively, forwarding everything to the firewall makes the firewall the first line of defence to your network.

In your situation, if you wanted to enable FTP to another internal server, you would have to go to the DSL router and forward FTP port 21 to the firewall. By doing this, all FTP would immediately be directed to your webserver; you then have to modify the firewall to redirect FTP traffic to your FTP server.

If everything was forwarded to your firewall, you can still block all traffic except HTTP Port 80 and then enable and direct other traffic as necessary.
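
The difference between the original rule (Translation: None) and feite's rule (translation: map), and the per-port forwarding on the DSL router that danoli describes, as an added Python model that is not part of any post in this thread and not Kerio's own code. The addresses are constructed samples inside the ranges Dilson gives, and first-match evaluation with default deny on the firewall is an assumption.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample addresses; the thread gives only the 10.0.x.x and 192.168.x.x ranges.
PUBLIC_IP = "203.0.113.10"   # static IP on the DSL router (documentation range)
FW_OUTSIDE = "10.0.0.2"      # firewall NIC facing the DSL router
WEBSERVER = "192.168.1.10"   # IIS host on the LAN

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    dst: Optional[str]       # None = destination ANY
    ports: frozenset
    map_to: Optional[str]    # None = "Translation: None"

def dsl_router(pkt, forwards):
    """Port forwarding on the DSL router, given as {port: inside address}."""
    target = forwards.get(pkt.dst_port)
    if pkt.dst_ip != PUBLIC_IP or target is None:
        return None
    return replace(pkt, dst_ip=target)

def firewall(pkt, rules):
    """First matching permit rule wins; no match means drop (assumed default deny)."""
    for r in rules:
        if pkt.dst_port in r.ports and r.dst in (None, pkt.dst_ip):
            # Only a mapping rewrites the destination; a plain permit leaves it as is.
            return replace(pkt, dst_ip=r.map_to) if r.map_to else pkt
    return None

def deliver(port, rules):
    """Return the host that finally receives an inbound connection, or where it was dropped."""
    pkt = dsl_router(Packet(PUBLIC_IP, port), {80: FW_OUTSIDE})  # router forwards port 80 only
    if pkt is None:
        return "dropped at DSL router"
    pkt = firewall(pkt, rules)
    if pkt is None:
        return "dropped at firewall"
    return pkt.dst_ip

ORIGINAL = [Rule("IIS Rule", None, frozenset({80}), None)]
FIXED = [Rule("webservice lan", FW_OUTSIDE, frozenset({80, 443}), WEBSERVER)]
```

With `ORIGINAL`, `deliver(80, ORIGINAL)` ends at the firewall's own outside address, where nothing serves HTTP; with `FIXED` it reaches the web server, while `deliver(443, FIXED)` is still dropped at the DSL router because only port 80 is forwarded there.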