
How to make internal WebServer public?

Status
Not open for further replies.

Josh16

Dec 10, 2004
Hi all,

I have problems making a web server public.
My network, simplified, looks like this:

Internet
|
Router
192.168.1.1
|
192.168.1.2
Firewall
10.1.1.30
|
|
10.1.0.0
Internal-net (here is the webserver 10.1.1.2)


I try to reach the webserver from an external workstation.
I have made the following rule:
Code:
any Firewall https accept

Further, I have NAT rules for internal-net and the following for the webserver:
Code:
any Firewall https any Webserver https

But it doesn't work. In the log files there is only an entry for the rule that accepts traffic to Firewall via https. The NAT rule doesn't take place.


Thanks for your help
 
Create an object for the webserver
10.1.1.2
In the Topology select the NAT tab and put in an address 192.168.1.3 (or any free IP in this range). Use Static NAT.

Create a rule
Any Webserver HTTPs,HTTP Accept Log
Remove the manual NAT rules you have created.

For the internal network create a network object internal_Net 10.1.0.0 255.255.0.0
In its NAT tab set this to another free IP in the 192.168.x.x range, Hide NAT (or use hide behind Firewall interface if you don't have many addresses).

(This is for newer versions of CP FW-1, so if you are using an older version say so.)
Also, if you don't have any spare IP addresses in the 192.168.x.x range then you will need to do this via manual NAT (hard work, so I will only go into it if you have to).
 
Thanks for your help.

If I do so, I have to configure my router to forward ports 443 and 80 to 192.168.1.3. Is that right?


Yesterday I was trying this rule:
Code:
any Firewall https_mapped(match:SRV_REDIRECT(443,10.1.1.2,443)) accept
It seems to work. Is there anything about it?
 
That should be fine.
As you are using reserved IP addresses you will need to do some port forwarding from the one IP address you have at the router, either on the router or on the firewall (whichever you are more comfortable with).
 