Home » Kerio User Forums » Kerio Control » Access to internal webmail
  •  
efrenba

Hi,

I have a problem accessing telnet inside the private LAN from the public LAN.

This is my network layout:
--------------------------

Public Lan: [192.168.80.0/24]
|
Interface (Name: Publan): [192.168.80.2/24]
-------------------------------------------
KWF v6.0.11 on Win2k advanced server
-------------------------------------------
Interface (Name: Intlan): [7.96.160.4/25]
||
|+Private Lan: [7.96.160.0/24]
|
+Unix: [7.96.160.7:telnet]


I've set this Traffic Policy rule:

Name: Map-Telnet-Unix
Source: (Network Interface: Publan)
Destination: (Network Interface: Firewall)
Service: Telnet
Action: Permit
Translation: MAP 7.96.160.7:23

What am I doing wrong?

I hope you can help me
Thanks....

Note: NAT works fine...

  •  
feite

Try it without the port mapping (23). Only map to the internal IP address.
  •  
efrenba

I tried without the port number and it doesn't work either.

KPF Logs->filter:
-----------------

[09/Nov/2005 14:59:09] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 192.168.80.2:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:09] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 7.96.160.7:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:12] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 192.168.80.2:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:12] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 7.96.160.7:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:18] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 192.168.80.2:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:18] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 7.96.160.7:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0


Would the MAP be from 192.168.80.0 to 7.96.160.0?
I mean, note that I'm using a non-routable IP range as the public LAN range.

  •  
feite

The packets are received on the publan interface and forwarded to the intlan interface to the correct ip/port. Do you have a filter / firewall on the unix machine? Is the gateway on that machine set to the firewall? Can you ping a public machine from the unix machine?
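
Added example, not part of the original thread: a short Python parser for filter-log lines in the format quoted above. It flags SYNs that the rule permitted and forwarded but that never received a SYN/ACK, which is the pattern in the posted log. The last three sample lines and the `SYN ACK` flag spelling are constructed assumptions; the function name is hypothetical.

```python
import re
from collections import defaultdict

# First four lines are copied from the log in the thread; the last three are a
# constructed, answered flow (assumed "SYN ACK" flag format) for contrast.
SAMPLE_LOG = """\
[09/Nov/2005 14:59:09] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 192.168.80.2:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:09] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 7.96.160.7:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:12] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 192.168.80.2:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 14:59:12] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.7:1077 -> 7.96.160.7:23, flags: SYN , seq:3062690043 ack:0, win:16384, tcplen:0
[09/Nov/2005 15:01:00] PERMIT "Map-Telnet-Unix" packet from Publan, proto:TCP, len:48, ip/port:192.168.80.9:1100 -> 192.168.80.2:23, flags: SYN , seq:1000 ack:0, win:16384, tcplen:0
[09/Nov/2005 15:01:00] PERMIT "Map-Telnet-Unix" packet to Intlan, proto:TCP, len:48, ip/port:192.168.80.9:1100 -> 7.96.160.7:23, flags: SYN , seq:1000 ack:0, win:16384, tcplen:0
[09/Nov/2005 15:01:00] PERMIT "Map-Telnet-Unix" packet from Intlan, proto:TCP, len:48, ip/port:7.96.160.7:23 -> 192.168.80.9:1100, flags: SYN ACK , seq:2000 ack:1001, win:16384, tcplen:0
"""

LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] (?P<action>\w+) "(?P<rule>[^"]*)" packet '
    r'(?P<dir>from|to) (?P<iface>\w+), proto:(?P<proto>\w+), len:\d+, '
    r'ip/port:(?P<src>\S+) -> (?P<dst>[^,\s]+), '
    r'flags:(?P<flags>[^,]*), seq:(?P<seq>\d+) ack:(?P<ack>\d+)'
)

def unanswered_syns(log_text):
    """Return {client ip:port: info} for TCP SYNs that were logged (and
    possibly forwarded) but never answered by a SYN/ACK sent to that client."""
    attempts = defaultdict(lambda: {"syn_in": 0, "forwarded_to": set(), "seqs": set()})
    answered = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue
        flags = set(m["flags"].split())
        if flags == {"SYN"}:
            info = attempts[m["src"]]
            info["seqs"].add(m["seq"])        # one seq seen repeatedly = retransmission
            if m["dir"] == "from":
                info["syn_in"] += 1           # SYN arriving at the firewall
            else:
                info["forwarded_to"].add(m["dst"])  # SYN leaving after the MAP
        elif {"SYN", "ACK"} <= flags:
            answered.add(m["dst"])            # reply addressed back to the client
    return {c: i for c, i in attempts.items() if c not in answered}

if __name__ == "__main__":
    for client, info in unanswered_syns(SAMPLE_LOG).items():
        print(client, "sent", info["syn_in"], "SYN(s), forwarded to",
              sorted(info["forwarded_to"]), "with no SYN/ACK logged")
```

A client that shows up here with a non-empty `forwarded_to` set got through the rule and the mapping, so the missing reply has to be looked for on the target host or on its return path.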
  •  
efrenba

Hi,

It is not a Unix machine, it is a Win2k AS.

From inside the LAN and from the firewall PC everything is all right, because I have access to any service on the external LAN (including ping).

From the firewall PC I have full access to the internal LAN (ping too).

The problem is from the external LAN to internal services, for instance: telnet.

Could you check the ip range of the interfaces?

Thanks...
  •  
feite

Private IP addresses are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
169.254.0.0 - 169.254.255.255
192.168.0.0 - 192.168.255.255

The addresses you use are not private (7.96.160.4/25). Are you sure the IntLan is the internal / private lan?