KWF and Bulletproof-FTP-server
  •  
r.aerts

Hi!

I have 2 LANs behind my KWF-server:
LAN1 = 192.168.1.0/255.255.255.0
LAN2 = 192.168.2.0/255.255.255.0

LAN1 is the network of the company with servers and clients. LAN2 is a network with only an FTP-server.

NIC-IP on KWF-server for LAN1 = 192.168.1.1
NIC-IP on KWF-server for LAN2 = 192.168.2.1
NIC on KWF-server for Internet has multiple IP:
xxx.xx.xxx.101 till xxx.xx.xxx.105

Access to the FTP-server (192.168.2.2) is possible from the Internet, from LAN1 and from VPN-clients by entering ftp.company.com.
I have made the following rules:

Name: Local FTP
Source: LAN1 – VPN Clients
Destination: LAN2
Service: FTP
Translation: NAT (Default outgoing interface)
Protocol Inspector: FTP

Name: Service FTP
Source: Internet
Destination: xxx.xx.xxx.102
Service: FTP
Translation: NAT (Default outgoing interface) MAP 192.168.2.2:21
Protocol Inspector: FTP

The FTP-server is running Bulletproof, and when I am accessing the server from the Internet, Bulletproof is showing the IP-address that is accessing the server. But Bulletproof shows the IP-address of the KWF-server (192.168.2.1) and not the IP-address of the accessing client.
Also when I am accessing the FTP-server from LAN1, Bulletproof is showing the IP-address of the KWF-server and not the IP-address of the accessing client (192.168.1.202).

How do I fix this? Did I configure the rules wrong?
  •  
feite

Internet: Remove the NAT part from the rule Service FTP (only MAP part should be there).
LAN: because you use NAT, Kerio replaces the IP address of the client in the TCP packet with its own (192.168.2.1). You could try it without NAT for the rule Local FTP.

[Updated on: Fri, 23 June 2006 16:44]

  •  
r.aerts

Hi Feite,

Thx for your reply.
I have tried it, but when I remove NAT I can do nothing. Ping also does not work.
I do not know why!
How is this possible?
  •  
feite

Does internet work now?
Enable NAT for the LAN again. This way you will lose information of the client IP address. This is the same when you access the Internet. The firewall will substitute its public IP address for the internal private one.
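
A simplified model of the two traffic rules from this thread, added here as an illustration (not Kerio's code and not written by either poster): it shows which source address the FTP server receives, and therefore logs, with and without the source NAT part of a rule. The `Rule` class, the function names, first-match evaluation, and the addresses 203.0.113.102 and 198.51.100.7 are assumptions; the last two stand in for the masked public IP and an Internet client.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

FW_LAN2_IP = "192.168.2.1"      # KWF NIC on LAN2 (from the thread)
FW_PUBLIC_IP = "203.0.113.102"  # constructed stand-in for the masked xxx.xx.xxx.102

@dataclass
class Rule:                       # hypothetical model of one traffic rule
    name: str
    source: str                   # CIDR matched against the client address
    destination: str              # CIDR matched against the original destination
    source_nat: bool              # "NAT (Default outgoing interface)"
    map_to: Optional[str] = None  # "MAP host": destination translation only

def as_seen_by_server(rules, client, dst):
    """Return (source, destination) of the packet the FTP server receives."""
    c, d = ipaddress.ip_address(client), ipaddress.ip_address(dst)
    for r in rules:  # assumption: rules are evaluated top-down, first match wins
        if c in ipaddress.ip_network(r.source) and d in ipaddress.ip_network(r.destination):
            # Source NAT rewrites the client address to the firewall's outgoing NIC.
            return (FW_LAN2_IP if r.source_nat else client, r.map_to or dst)
    return None  # no rule matched

def rules_hiding_clients(rules):
    """Names of rules after which server logs show only the firewall address."""
    return [r.name for r in rules if r.source_nat]

# The two rules as posted: both carry source NAT.
posted = [
    Rule("Local FTP", "192.168.1.0/24", "192.168.2.0/24", source_nat=True),
    Rule("Service FTP", "0.0.0.0/0", FW_PUBLIC_IP + "/32", source_nat=True,
         map_to="192.168.2.2"),
]
# The suggested change for the Internet rule: keep MAP, drop the NAT part.
map_only = [posted[0],
            Rule("Service FTP", "0.0.0.0/0", FW_PUBLIC_IP + "/32", source_nat=False,
                 map_to="192.168.2.2")]

if __name__ == "__main__":
    inet_client = "198.51.100.7"  # constructed Internet client address
    for label, rules in (("as posted", posted), ("MAP only", map_only)):
        print(label,
              as_seen_by_server(rules, inet_client, FW_PUBLIC_IP),
              as_seen_by_server(rules, "192.168.1.202", "192.168.2.2"),
              rules_hiding_clients(rules))
```

The model ignores ports and the FTP protocol inspector; it only tracks address rewriting, which is what decides whether the server's access log can attribute a session to a client.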