Contributor
January 6, 2010
Question

from external ip to an internal webserver ip

  • 8 replies
  • 5966 views
Hello, I have never worked with a complicated router before, therefore I would really like some help from pros. My problem is the following. I need to link a webserver in the internal network to the external WAN IP, so that it can be accessed from everywhere. Our router is a FortiGate 50B. I've done it on a simple router, with virtual IP and DMZ. When I enter the settings with virtual IP on the FortiGate it doesn't work. I must be missing something, but the interface and options are too complex for someone with limited knowledge. So again, all I need is that when the WAN IP from the provider is entered in a browser, the router redirects it to our internal webserver 192.168.100.x. Thanks! Regards, Yves


    Contributor
    January 6, 2010
    You need two things for that:
    1. The Virtual IP. Specify the External Interface, your public IP and the mapped IP (the IP of your webserver).
    2. A Firewall Policy. Create a Policy with the following settings:
       Source Interface: The external Interface you are using (must be the same which you have specified in the VIP in case you have multiple WAN ports in use...)
       Source Address: ALL
       Destination Interface: The Internal Interface to which your webserver is connected.
       Destination Address: The Virtual IP you have created.
    After that, you should be able to connect to your webserver from the internet.
    Contributor
    January 7, 2010
    Thank you for the reply. I'm afraid I already tried the settings you mentioned.
    Virtual IP is my external IP WAN1, visible in "system>network". Copy paste:
      githo wan1/84.195.xx.xxx 192.168.100.159
    I left "map to port" open since it's standard TCP port 80 on the webserver.
    On the policy, I made the policy you said:
      source interface wan1
      source address all
      destination interface internal
      destination address githo (name of the VIP)
      schedule always
      service any
      action accept
    and all other settings unmarked except NAT. Copy paste:
      2 all githo always ANY ACCEPT
    I just get a timeout on every internet connection except the one on the internal network, which is rather weird.
    I must say I changed some settings in the "Protection Profile" under firewall scan strict unfiltered web; under protocol recognition > http I put monitored ports on ALL, can't seem to remove it again.
    Contributor
    January 7, 2010
    Try unchecking the NAT box in the Firewall Policy.
    Contributor
    January 7, 2010
    NAT unchecked, still nothing. Any other settings that I can try? Do I need port forwarding?
    rwpatterson
    New Member
    January 7, 2010
    Are you trying this from inside the same network, or from the outside?
    Contributor
    January 7, 2010
    When I try the wan1 IP in a browser from a PC in the internal network, I get the index page of my webserver. When I try it through another internet connection, I get nothing.
    rwpatterson
    New Member
    January 7, 2010
    Is the web server set up correctly? Is it allowing connections from all IP addresses? Is the subnetting correct? etc... I suspect the culprit is not the firewall. The inside PC is on the same subnet.
    Contributor
    January 7, 2010
    Hmm, the webserver is a standard setup. Where should I check that it does accept all IPs and allows other subnets? It's an IIS 6.0 server (Server 2003). Thanks for the help, by the way! Regards, Yves
    rwpatterson
    New Member
    January 7, 2010
    Sorry, I'm more of an Apache dude. IIS is like Russian to me...
    Contributor
    January 20, 2010
    Apparently it's not the server, since it works with another router. Any ideas what setting could cause this in the FortiGate?
    rwpatterson
    New Member
    January 20, 2010
    Show the CLI output from:
      # show firewall vip <vip_name>
      # show firewall policy <policy_number>
    Contributor
    January 20, 2010
    OK, I think I found what's causing this. Apparently the ISP blocks port 80, so I have now readjusted the server to listen on port 8080. But I still get a timeout, so I guess I have to open the port on the router. Again, on a normal router no problem... but how do you do this on the FortiGate? So all I need is: when you enter the external IP -> it goes to the internal webserver.
    rwpatterson
    New Member
    January 20, 2010
    The service (in the policy) needs to match the incoming port on the VIP.
    Contributor
    January 21, 2010
    Ok it works fine, thanks for all the help rwpatterson!
    rwpatterson
    New Member
    January 21, 2010
    Glad it worked out.
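
The VIP and policy this thread converges on, written out as FortiOS CLI. This is an added example, not configuration posted by either participant: the service name HTTP-8080 is a made-up label, the external IP stays masked as in the thread, and keyword spellings can differ between FortiOS releases. Lines starting with # are annotations.

```fortios
# Virtual IP with port forwarding: only TCP 8080 on wan1 is mapped to the
# web server. Without "portforward enable" the VIP is a one-to-one static
# NAT and every port on 192.168.100.159 is reachable through it.
config firewall vip
    edit "githo"
        set extintf "wan1"
        # masked in the thread; use the real WAN address here
        set extip 84.195.xx.xxx
        set mappedip 192.168.100.159
        set portforward enable
        set protocol tcp
        # port clients connect to on the WAN side
        set extport 8080
        # port IIS listens on after the change described above
        set mappedport 8080
    next
end

# Custom service for the forwarded port (name is an assumption).
config firewall service custom
    edit "HTTP-8080"
        set tcp-portrange 8080
    next
end

# Policy 2 from the thread (wan1 -> internal, destination = the VIP).
# The thread's version used service ANY; here the service matches the
# VIP's incoming port, so nothing but TCP 8080 is accepted.
config firewall policy
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "githo"
        set action accept
        set schedule "always"
        set service "HTTP-8080"
        # NAT stays off, as suggested earlier in the thread
        set nat disable
    next
end
```

Running `show firewall vip githo` and `show firewall policy 2` afterwards, then browsing to the WAN address on port 8080 from an outside connection, confirms the pairing; testing from an inside PC does not exercise the wan1 policy.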