Question : NAT problem

Hi,

I have a webserver and ftpserver in a DMZ IP : 192.168.10.2 sub : 255.255.255.0 gateway 192.168.10.1

192.168.10.1 is a NIC on my FW.
On this FW I also have a LAN 192.168.1.0 sub 255.255.255.0 gateway 192.168.1.101 => second NIC on my FW.
And my third NIC on my FW has a public IP with gateway, my router.

From my LAN, I have access to whatever I want, from my DMZ as well, BUT I cannot make my webserver or ftp server available from the internet.

When I surf on the internet from my DMZ my public IP appears well if I do a netstat from the target server.

What I did is :

route add
arp -s at leads to the router>

I did it without that and it worked fine thanks to my FW rules.

Now, when I check the log of my FW it says that the traffic from outside to the ftpserver is accepted but... I cannot access this ftpserver! It is then blocked elsewhere, but where?

Can someone help me please ?

Answer : NAT problem

Ok I do not have the time now to read all the route.
Let's try to disable the IP spoofing.

Go to Manage objects, choose your firewall objects then properties, in the Interfaces tab edit all Interfaces and put : Valid addresses any and Spoof tracking log.
You will see if it's working better.

Also, can you check in the log file what the exact reason is for the packet being dropped by rule 0 (the detail column is at the far right) and send me the message?

Gerome