Services behind KWF
  •  
franzall

Hi all,
I have a very strange problem with KWF 6.1.2.
KWF is installed on my Windows Server 2003 gateway with 2 network interfaces: one to the Internet with a static public IP and one to my LAN.
All services from LAN to Internet work fine but none behind KWF!
I have tried with HTTP, FTP, POP3, SMTP and so on with the same results.
I have created the policy rules with the following settings:

ex. Service FTP
Name: FTP Server
Source: Public (network Interface to Internet)
Destination: Firewall Host
Service: FTP
Action: Permit
Log: Packets and Connections
Translation: MAP 192.168.x.x (my Internal FTP service)
Protocol Inspector: default

I have also tried setting the public IP address directly in the destination field and the service port number in the translation, but it still doesn't work.
I always see the service ports closed on my gateway server.

Could somebody help me?

Many Thanks.


  •  
winkelman

That Traffic Policy seems just fine to me. Are you sure there's not another rule above this one that is interfering? The first rule (top down) that 'matches' the connection, is the one being used...
  •  
franzall

Yes, I'm sure.
If you look at the attached picture, you can see all the policy rules of my KWF.
Is there another traffic limitation in the Advanced options or in the installation?
It's very strange, I don't understand.

Thanks

[Updated on: Tue, 27 September 2005 14:53]

  •  
winkelman

Seems all right. The only difference I see with my (working) rules is that you also specify a target port in your mapping (and I don't). This is not necessary, as the inbound traffic is on the same port as the internal mapped service.

So incoming traffic to the firewall at port 80 is mapped to the internal webserver at port 80. No need to translate ports so try un-checking the "Translate port to:" option in the translation settings.
  •  
franzall

The first time I tried without the port number and then with it, to improve things.
Now I will try to re-install KWF and rebuild all configurations.

Let me know if you have some idea.

Thanks a lot..
  •  
feite

You have enabled logging of packets for the FTP server rule. Do you see entries in the filterlog that someone is trying to access the ftp server?

The other place you must check is the FTP policy. For testing put a rule as the first in the list like this:

description: FTP server from internet
check log (log entries will show up in the filterlog)
all other options are correct
  •  
franzall

Now with your FTP rule I can see something in the Filter logs:
the forwarding to the local IP looks right but the FTP server doesn't respond.
DOS commands:

ftp> open 195.x.x.x
Connected to 195.x.x.x
421 Service not available (Connection closed by remote host)


I have the same problem with each service: HTTP, POP3, SMTP, Kerio Administration console...


  •  
feite

Can you access your FTP server from inside the LAN or from the firewall directly?
  •  
franzall

Yes, I can.
The port mapping problem was caused by another gateway on my network in conflict with KWF; now it works with all services.

I still have problems with the FTP server, but I think my FTP server doesn't work behind a firewall, so I should search for the right configuration.
I'm using FileZilla FTP server.

Many Thanks to all.
  •  
winkelman

When you're connecting to an FTP server with NAT in between somewhere (such as in your case), you may have to use 'passive' FTP. (This is something you need to use in the FTP client.)
  •  
franzall

I'm using the FTP server with the passive mode...
  •  
alsur

Is the ftp service (or other) installed on a Gateway or in the local network?

And are you trying to reach the services from the Internet, or from the gateway?

[Updated on: Thu, 29 September 2005 22:06]

  •  
franzall

The FTP server stays on the local network.
I'm trying to reach it from the Internet; from the gateway everything works fine.
  •  
feite

Did you try it without the port number in the MAP after solving the other gateway problem?
  •  
franzall

Yes, I did,
but the problem is with my FTP server.
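
The passive FTP and NAT point raised in the thread, as an added example that is not part of the original posts: in passive mode the server's 227 reply names the address and port the client must open for data, so a server behind NAT fails for Internet clients if it advertises its internal address or a port the firewall does not forward. The sample replies, the address 203.0.113.10 standing in for the public IP, and the 50000-50100 port range are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges: unreachable for a client on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 passive reply payload: h1,h2,h3,h4,p1,p2
PASV_FIELDS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (host, port) advertised in a '227 Entering Passive Mode' reply."""
    m = PASV_FIELDS.search(reply) if reply.startswith("227") else None
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def diagnose_pasv(reply, control_ip, forwarded_ports):
    """List reasons the data connection would fail for an Internet client.

    control_ip: public address the client used for the control connection.
    forwarded_ports: ports the firewall maps to the internal FTP server.
    """
    host, port = parse_pasv(reply)
    findings = []
    addr = ipaddress.ip_address(host)
    if any(addr in net for net in RFC1918):
        findings.append("server advertises RFC 1918 address %s" % host)
    elif host != control_ip:
        findings.append("advertised address %s differs from %s" % (host, control_ip))
    if port not in forwarded_ports:
        findings.append("data port %d is not forwarded" % port)
    return findings


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 stands in for the public IP.
    passive_range = range(50000, 50101)
    for sample in ("227 Entering Passive Mode (192,168,1,10,195,80)",
                   "227 Entering Passive Mode (203,0,113,10,4,1)",
                   "227 Entering Passive Mode (203,0,113,10,195,80)"):
        print(sample, "->", diagnose_pasv(sample, "203.0.113.10", passive_range) or "ok")
```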