Hi All!
I have problem as title.
Follows illustration is current situation and work fine.
And unit test of addition network as follows illustration, (Reference: https://getlabsdone.com/how-to-configure-dmz-on-the-fortigate-firewall )
Ping/FTP access from Client(20.0.2.118) to FTP Server(10.1.0.2) @ FileZilla work fine.
Both merged as follows illustration..
And I added static route @ EdgeRouter 4 as follows
set protocols static route 10.1.0.0/24 next-hop 10.0.2.16 description 'Intranet to DMZ' set protocols static route 10.1.0.0/24 next-hop 10.0.2.16 distance 253
Ping from Client (20.0.2.118) to FTP Server(10.1.0.2) work fine.
$ping 10.1.0.2 PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data. 64 bytes from 10.1.0.2: icmp_seq=1 ttl=127 time=0.770 ms 64 bytes from 10.1.0.2: icmp_seq=2 ttl=127 time=0.498 ms
But FTP won't work @ FileZilla as follows.
Status: Connecting to 10.1.0.2:21... Status: Connection established, waiting for welcome message...
Netstat @ FTP Server (10.1.0.2) as follows.
TCP 10.1.0.2:21 10.0.2.118:51692 SYN_RECEIVED
Stall at SYN_RECEIVED state.
In this time. netstat result @ Client (10.0.2.118) as follows
$ netstat -an|grep 10.1.0 tcp 0 0 10.0.2.118:54432 10.1.0.2:21 ESTABLISHED
After several seconds, state changed as follows.
$ netstat -an|grep 10.1.0 tcp 0 1 10.0.2.118:54432 10.1.0.2:21 FIN_WAIT1
Result of traceroute @ Client (10.0.2.118) as follows.
$ traceroute 10.1.0.2 traceroute to 10.1.0.2 (10.1.0.2), 30 hops max, 60 byte packets 1 _gateway (10.0.2.2) 0.252 ms 0.159 ms 0.155 ms 2 10.0.2.16 (10.0.2.16) 0.608 ms 0.559 ms 0.510 ms 3 * * * 4 * * *
And I had tried to packet capture @ Fortigate 40F, I saw SYN and SYN+ACK existence, look good?
I no idea why won't work, missing something.
Client sent packet to EdgeRouter4 but received packet from Fortigate 40F is invalid I assume.
But I no idea how to route received packet from Fortigate 40F -> EdgeRouter4 -> Client
Please help me to fix.
Thanks all very much.
1 Solution
