Re: Port forwarding on RED multi-IP

I suggest you compare your configuration with Kenneth who says he has
multiple red IPs forwarding successfully with EFW 2.4.1.

Also, could you perform a test? SSH in to your EFW machine or go to the
console and try to telnet to one of the secondary IPs that have a port
forwarding rule defined and see if the traffic is correctly forwarded when
tested in this manner. This is the test I performed on the virtualized setup
that led to the likely conclusion that this is virtual network issue rather
than an EFW specific issue.

Example:

let's say your primary IP is x.x.x.x and your secondary is x.x.x.y, define a
forwarding rule on x.x.x.y pointing to an internal machine with an
accessible service such as terminal services, smtp, imap, pop, etc -
whatever which is what is not working under 2.4.1, then from a console/ssh
session on the endian test with telnet:

telnet x.x.x.y <port#>

and see if the a connection is established

thanks very much





Farzan Qureshi-2 wrote:
>
> I am not running endian as VM appliance but as a physical host. My version
> is 2.4.1.
>
> Wondering if it works for u under vm then i will move to vm scenario.
> On Oct 22, 2011 12:12 PM, "rone" <ron@...> wrote:
>
>>
>> Will do, could you please post what is your configuration so we can
>> compare
>> and gather further data? Version of Endian you have tested / which
>> virtualization solution?
>>
>> Thanks
>>
>>
>> Farzan Qureshi-2 wrote:
>> >
>> > Plz do post your findings as i am also running into same issues..
>> > On Oct 22, 2011 6:48 AM, "rone" <ron@...> wrote:
>> >
>> >>
>> >>
>> >> Thanks for the offer. Somewhat of a breakthrough last night. Am
>> running
>> >> EFW
>> >> as a virtual machine under KVM and it seems that somehow packets are
>> not
>> >> actually making it to the EFW on the secondary IPs, seems something to
>> do
>> >> with the virtualization configuration although it is the first time
>> I've
>> >> seen this and have run a variety of OSs under the same setup.
>> >>
>> >> EFW 2.4.1 definitely had the issue with not forwarding traffic to any
>> but
>> >> the primary IP running directly on hardware which is why we switched
>> to
>> a
>> >> virtualized setup. That particular installation has been replaced so I
>> >> don't
>> >> have an example to show on that one.
>> >>
>> >> Will pursue this from the virtualization side and post back here what
>> I
>> >> find.
>> >>
>> >> Thanks for the input.
>> >>
>> >>
>> >> Kenneth Lundström wrote:
>> >> >
>> >> > If needed we could use Teamviewer and you can show your
>> configuration,
>> >> >
>> >> >
>> >> > Kenneth
>> >> >
>> >> >> Thanks,
>> >> >>
>> >> >> I would be extremely interested in what version you are running and
>> >> what
>> >> >> your port forwarding configuration is. I have spent many hours with
>> >> this
>> >> >> and
>> >> >> have not been able to get any but the first / primary IP assigned
>> to
>> >> the
>> >> >> red
>> >> >> interface to forward any traffic to an internal IP.
>> >> >>
>> >> >> I am configuring rules as follows:
>> >> >>
>> >> >> Port forwarding / Nat rule: Access from type Any, Target: have
>> tried
>> >> any
>> >> >> uplink as well as selecting the specific red IP desired. Any uplink
>> >> works
>> >> >> only on the primary IP.
>> >> >>
>> >> >> Filter policy is either allow or allow with IPS.
>> >> >>
>> >> >> Services are typically a single TCP port.
>> >> >>
>> >> >> Translate to: IP , DNAT policy: NAT.
>> >> >>
>> >> >> Insert IP: internal IP of server to be forwarded to, Port/Range:
>> >> internal
>> >> >> port to be forwarded to.
>> >> >>
>> >> >>
>> >> >> Any advice or input would be greatly appreciated.
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> Kenneth Lundström wrote:
>> >> >>> In what way can't you get it to work?
>> >> >>>
>> >> >>> I have at the moment two Endian running with maybe 15 RED IP:s on
>> >> both
>> >> >>> and can forward from whatever IP to whatever internal address I
>> like.
>> >> >>>
>> >> >>> Please describe what you have done and we might be able to help
>> you.
>> >> >>>
>> >> >>>
>> >> >>> Kenneth
>> >> >>>> Dear All,
>> >> >>>>
>> >> >>>> This has been discussed before - I have been using Endian for
>> years
>> >> and
>> >> >>>> for
>> >> >>>> the first time attempted to configure a red interface with
>> multiple
>> >> >>>> IPs.
>> >> >>>> I
>> >> >>>> have tried many configurations to get this to work both in
>> version
>> >> >>>> 2.4.1
>> >> >>>> and
>> >> >>>> version 2.3.
>> >> >>>>
>> >> >>>> Would greatly appreciate any input on how to get ports forwarded
>> >> from
>> >> >>>> additional red IPs -- I can only get the primary red IP to
>> forward
>> >> any
>> >> >>>> traffic.
>> >> >>>>
>> >> >>>> Thanks.
>> >> >>>
>> >> >>>
>> >>
>> ------------------------------------------------------------------------------
>> >> >>> The demand for IT networking professionals continues to grow, and
>> the
>> >> >>> demand for specialized networking skills is growing even more
>> >> rapidly.
>> >> >>> Take a complimentary Learning@Cisco Self-Assessment and learn
>> >> >>> about Cisco certifications, training, and career opportunities.
>> >> >>> http://p.sf.net/sfu/cisco-dev2dev
>> >> >>> _______________________________________________
>> >> >>> Efw-user mailing list
>> >> >>> Efw-user@...
>> >> >>> https://lists.sourceforge.net/lists/listinfo/efw-user
>> >> >>>
>> >> >>>
>> >> >
>> >> >
>> >> >
>> >>
>> ------------------------------------------------------------------------------
>> >> > The demand for IT networking professionals continues to grow, and
>> the
>> >> > demand for specialized networking skills is growing even more
>> rapidly.
>> >> > Take a complimentary Learning@Cisco Self-Assessment and learn
>> >> > about Cisco certifications, training, and career opportunities.
>> >> > http://p.sf.net/sfu/cisco-dev2dev
>> >> > _______________________________________________
>> >> > Efw-user mailing list
>> >> > Efw-user@...
>> >> > https://lists.sourceforge.net/lists/listinfo/efw-user
>> >> >
>> >> >
>> >>
>> >> --
>> >> View this message in context:
>> >>
>> http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32698079.html
>> >> Sent from the efw-user mailing list archive at Nabble.com.
>> >>
>> >>
>> >>
>> >>
>> ------------------------------------------------------------------------------
>> >> The demand for IT networking professionals continues to grow, and the
>> >> demand for specialized networking skills is growing even more rapidly.
>> >> Take a complimentary Learning@Cisco Self-Assessment and learn
>> >> about Cisco certifications, training, and career opportunities.
>> >> http://p.sf.net/sfu/cisco-dev2dev
>> >> _______________________________________________
>> >> Efw-user mailing list
>> >> Efw-user@...
>> >> https://lists.sourceforge.net/lists/listinfo/efw-user
>> >>
>> >
>> >
>> ------------------------------------------------------------------------------
>> > The demand for IT networking professionals continues to grow, and the
>> > demand for specialized networking skills is growing even more rapidly.
>> > Take a complimentary Learning@Cisco Self-Assessment and learn
>> > about Cisco certifications, training, and career opportunities.
>> > http://p.sf.net/sfu/cisco-dev2dev
>> > _______________________________________________
>> > Efw-user mailing list
>> > Efw-user@...
>> > https://lists.sourceforge.net/lists/listinfo/efw-user
>> >
>> >
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32699609.html
>> Sent from the efw-user mailing list archive at Nabble.com.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> The demand for IT networking professionals continues to grow, and the
>> demand for specialized networking skills is growing even more rapidly.
>> Take a complimentary Learning@Cisco Self-Assessment and learn
>> about Cisco certifications, training, and career opportunities.
>> http://p.sf.net/sfu/cisco-dev2dev
>> _______________________________________________
>> Efw-user mailing list
>> Efw-user@...
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
> ------------------------------------------------------------------------------
> The demand for IT networking professionals continues to grow, and the
> demand for specialized networking skills is growing even more rapidly.
> Take a complimentary Learning@Cisco Self-Assessment and learn
> about Cisco certifications, training, and career opportunities.
> http://p.sf.net/sfu/cisco-dev2dev
> _______________________________________________
> Efw-user mailing list
> Efw-user@...
> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>

--
View this message in context: http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32699767.html
Sent from the efw-user mailing list archive at Nabble.com.


------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Efw-user mailing list
Efw-user@...
https://lists.sourceforge.net/lists/listinfo/efw-user