Multiple public IP addresses
  •  
r.aerts

I have 5 public IP addresses from my ISP:
193.xx.xxx.1 mail.mycompany.com
193.xx.xxx.2 ftp.mycompany.com
……
193.xx.xxx.5

I have configured KWF at first with 2 NICs; one NIC for 193.xx.xxx.1 and one NIC for my LAN 192.168.0.1. Everything worked perfectly.
At the next step I put an extra NIC in the server for a second LAN 192.168.1.1 for my FTP-server, because I do not want my FTP-server directly in my company network. In the traffic rules I created a rule for mapping all FTP-requests to the second LAN. No problem! Everything worked!

Problem:
Then I put a fourth NIC in the server for a second connection with the Internet 193.xx.xxx.2. I changed the source of the ftp-rule in traffic rules into the new internet-connection and everything worked. BUT, after a while nothing worked anymore! I couldn’t access the internet anymore. After disabling the second Internet-NIC and returning the traffic-rules as they were, the problem was solved.
Why does this happen? Is this not possible?
In the future I also want to setup 2 webservers through the same firewall. Is this also not possible?
How can I reach the correct server behind my firewall through 5 different public IP addresses?
  •  
winkelman

I think the problem is that you can only have one gateway per IP segment. Web and FTP destinations are all on the internet, so on the same external network as far as KWF is concerned and thus 'should' have the same gateway address.

What you seem to want is routing based on service and AFAIK KWF can only route based on IP address.

I believe there are hardware devices that can do what you want. You could put such a device between the Internet and KWF. I think Kerio support could help you with info on that.
  •  
winkelman

About your second issue:
Quote:

In the future I also want to setup 2 webservers through the same firewall. Is this also not possible?
How can I reach the correct server behind my firewall through 5 different public IP addresses?

You can bind more IP addresses to one interface and KWF can distinguish between them. So you could forward traffic to IP 1 to webserver 1, traffic to IP 2 to webserver 2, etc.
  •  
feite

In Windows, assign all public IP addresses to the WAN NIC. When you want to accept mail only on 193.xxx.xxx.1, create a rule like this:

name: mail service
source: internet
dest: 193.xxx.xxx.1
service: SMTP
map: internal ip of mailserver

If you want to accept FTP traffic only on 193.xxx.xxx.2, create a rule like this:

name: ftp service
source: internet
dest: 193.xxx.xxx.2
service: FTP
map: internal ip of ftp server

If you want to create a rule that handles all traffic from the internet to the firewall on all public IP addresses, use 'firewall' in the destination field.
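
The rule notation from the post above, modelled as an added example (not part of the original thread, and not Kerio's own rule format or API): it works out which public IP and service pairs each rule publishes and flags rules whose destination is 'firewall'. The 203.0.113.x addresses, the internal hosts, the "web catch-all" rule and the first-match ordering are assumptions.

```python
import ipaddress

# Constructed sample: RFC 5737 addresses replace the masked 193.x ones; hosts are made up.
PUBLIC_IPS = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]
RULES_TEXT = """\
name: mail service
source: internet
dest: 203.0.113.1
service: SMTP
map: 192.168.0.10

name: ftp service
source: internet
dest: 203.0.113.2
service: FTP
map: 192.168.1.10

name: web catch-all
source: internet
dest: firewall
service: HTTP
map: 192.168.0.20
"""

def parse_rules(text):
    """Parse blank-line-separated 'key: value' blocks into dicts."""
    rules = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":")[::2] for line in block.splitlines())
        rules.append({k.strip().lower(): v.strip() for k, v in pairs})
    return rules

def exposure(rules, public_ips):
    """Map (public_ip, service) -> internal host; first matching rule wins (assumed)."""
    exposed = {}
    for rule in rules:
        dest = rule["dest"].lower()
        # 'firewall' stands for every public address bound to the WAN interface
        targets = public_ips if dest == "firewall" else [str(ipaddress.ip_address(dest))]
        for ip in targets:
            exposed.setdefault((ip, rule["service"].upper()), rule["map"])
    return exposed

def overbroad(rules):
    """Names of rules that publish a service on all public addresses."""
    return [r["name"] for r in rules if r["dest"].lower() == "firewall"]

if __name__ == "__main__":
    print(exposure(parse_rules(RULES_TEXT), PUBLIC_IPS), overbroad(parse_rules(RULES_TEXT)))
```

Any (address, service) pair missing from the result is not published by these rules; a rule listed by `overbroad` is worth narrowing to a single destination address when the service only needs one.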
  •  
r.aerts

Thank you for your help! Now it works properly!
(It's such a nice forum :P !)
  •  
r.aerts

My FTP-server is accessible from the Internet when users connect to ftp://193.xxx.xxx.2. When users on the LAN want to connect to the FTP-server, it is not possible to connect to ftp://193.xxx.xxx.2, but they have to use the internal IP-address of the FTP-server.
Is it possible to use ftp://193.xxx.xxx.2 also when users are in the LAN?
  •  
r.aerts

Thx Pavel, now I understand it and it works!!