Please advise me how to enable the NAT for my Firebox II v4.1

Status
Not open for further replies.

kelvinli

MIS
Oct 3, 2002
3
HK
I have an external IP address a.b.c.d and would like to NAT it to my internal IP address 192.168.1.1 so that my client from the outside can access port 1433 [odbc] of my server [192.168.1.1] in "trusted".

I have created a service called my_odbc
property 1433
in incoming from "any" to NAT a.b.c.d -> 192.168.1.1
in outgoing from "any" to "any"
set dynamic NAT {default [simple NAT]}

I save it, and testing the ODBC from outside does not work ..
so in setup - NAT ... I also added a line
192.168.1.1 -> a.b.c.d.

Am I right to do so? What goes wrong? Please tell me here.

thank you in advance for your help.

Regards,
Kelvin Li
 
Hello,

After adding a service in the policy editor, double-click the service added, click on Incoming, make it enabled and allowed, then click on ADD under the "TO" field, then click on NAT. From the drop-down list of external IP addresses, select the public IP address, and if it's not listed then click on Edit and add the IP address, and then punch in the local IP addresses, and that will be it!

Another thing you need to check is the port numbers.

If it still doesn't work, connect your local machine, assign the public IP address and then try connecting, just to make sure all the configurations are fine.

Lemme know if it works.

 
Hi Tarak,

Thanks for the update. I have also enabled the logging, so I knew the incoming is allowed. However, my PC client from outside still could not access the server's DB through ODBC.

so, I am thinking there is some problem on the NAT setup or the problem on the outgoing NAT

To make it short, I just want to enable some 1-to-1 NAT in this Firebox II, i.e. outside it is a.b.c.d, inside on my trusted LAN it is 192.168.1.1.
This way, my remote PC could access my ODBC system in my trusted LAN.

Hope you could understand my information, and mind to dump me some screen to my email a/c
kelvinhhli@sinatown.com

I am really not sure about the setup of the "SETUP" --> "NAT" ... so I added an entry 192.168.1.1 <-> a.b.c.d

In the services, I made 2 trials, one with "ENABLE NAT", the other with "Default NAT"; however, both do not work.

In the property, I added the ODBC[1433] with TCP and client; in fact I also tried "1433,tcp,port" ...
In both cases, the log said "allow"; but the remote PC still could not...

So,please help me and tell me the details.

Many thanks,

ps: I am using Firebox II with version 4.1 of LiveSecurity System

 
With your current version of the FB software, you are not able to perform 1:1 NAT. However configuring port forwarding as you have will work.

You may want to consider changing your incoming rule from "any" to 192.168.1.1 to a specific IP to 192.168.1.1. I receive several attempts per day on port 1433 from the SQLSnake worm (presumably). Or better, use VPN and avoid opening a potentially dangerous port.

Also, on the service you created verify that the client port is set to ignore.
 
Kelvin,

I've sent you a document at your email address. Guess that helps you!

 
Hi JUSTFIREWALLIT (IS/IT--Manageme) ,

In fact, I did the same as in your screens but just could not get it done. I got queries on the NAT config. here is the query:

let say the real ip is a.b.c.d
my internal ip is 192.168.1.1

in fact, I want to setup the Win2000 terminal server i.e. port number 3389 from outside to assign the inside server thru internet.

However, I am not sure if I need to INSERT a record in the "SETUP ... NAT ..." section under the dynamic NAT ... to include this:

192.168.1.1 --> a.b.c.d [to make the outgoing work???]

Also, in the outgoing tab of my service, I have set "any" & "any"; how about the selection of "NAT .."? Should I use "Default simple NAT" or "ENABLE NAT"?

If this setup is confirmed, I think it could work.

The bottom line: has anyone successfully set up this NAT?

please dump me more screens including the outgoing, properties of the services, and also the setup of NAT ...

again, I am using Firebox II; s/w version 4.1

Many many thanks,

Regards,
Kelvin Li
 