Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Setting up external access to QNAP webinterface

Hello, I hope you can help me, I am going mad. I am trying to enable external access to our NAS. The webinterface listens on port 8080, wan1 has a working dyndns configuration. I am trying this: VIP: config firewall vip edit " QNAP" set extintf " wan1" set portforward enable set mappedip 192.168.1.7 set extport 8080 set mappedport 8080 next Policy: edit 3 set srcintf " wan1" set dstintf " internal" set srcaddr " all" set dstaddr " QNAP" set action accept set schedule " always" set service " ANY" It isn' t working though. Any obvious reason you can see?
18 REPLIES 18
ede_pfau
SuperUser
SuperUser

How is the IP and subnetmask defined on the QNAP? What are the settings for the internal interface on the FG? System/Network
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable

Ah there it is. Right where it should be. :-) The QNAP has a static IP, default gateway and subnetmask can be manually set and are set to the values of the internal interface of the fortigate. (192.168.1.1 / 255.255.255.0 I now see that wan1 (the interface i try to use for external access) has the subnetmask of 255.255.255.255. This might be the problem?
ede_pfau
SuperUser
SuperUser

au bitte, könnten wir mit dem Ratespiel aufhören?? wie sind die Einstellungen am QNAP GENAU? und für das int. Interface der FG GENAU? jeweils 3 Werte bitte: IP, Maske und Gateway.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable

Thank you for your continued help. Sorry for the guesswork, I intended to give as much info as possible. I think we should continue in English, so other people can read this too. QNAP: 192.168.1.7 255.255.255.0 192.168.1.1 Internal interface: 192.168.1.1 255.255.255.0 How do I determine the gateway for the internal interface? The external interfaces are configured as follows: wan1: dynamic external IP / 255.255.255.255 wan2: 192.168.99.102 / 255.255.255.0 wan1 connects to a modem, wan2 to a router with integrated modem. Both have their own Internet connection.
ede_pfau
SuperUser
SuperUser

OK, thanks. The IP settings are correct. What I suspect is that your request for the QNAP web GUI comes in on one WAN and the answer goes out the other. That would appear as every second packet dropped (or so). What are the settings of the routing table? Can you please give the information under Router/Monitor - there should be 2 default routes " 0.0.0.0/0" for wan1 and wan2 resp. One test would be to pull the cable on the wan2 port. Then the corresponding route should go down and not transport any traffic anymore. Do you really need two gateways to the internet? What firmware version are we talking about? If v4, have you read about ECMP?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable

These are the entries in the Routing Monitor: Static 0.0.0.0/0 5 0 192.168.99.1 wan2 Connected 88.69.64.1/32 0 0 0.0.0.0 ppp0 Connected 88.69.68.35/32 0 0 0.0.0.0 ppp0 Connected 192.168.1.0/24 0 0 0.0.0.0 internal Connected 192.168.99.0/24 0 0 0.0.0.0 wan2 The formatting didn' t survive pasting, I hope it is readable. My boss has two contracts due to one included with a cell phone. So I guess I do need them although I hate this setup. I did not set up this system by the way, so I have to learn as I go. Fimware is: v4.0,build0279,100519 (MR2 Patch 1) I did not read about ECMP, but I will now. Pulling plugs will have to wait until we close up shop. (I don' t want to risk disrupting internet access)
ede_pfau
SuperUser
SuperUser

I see you are not using wan1 at all. Am I right in assuming that 192.168.99.1 is the router on wan2? How did you configure the external IPs 88.69.x.y? They look as if assigned statically. Don' t you use PPPoE? *confused* If your internet access is established via the external router then the router bears the external IP, not the firewall. Right?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Not applicable

I am thoroughly confused now. 192.168.99.1 is indeed the router on wan2. The aforementioned 192.168.99.102 is in fact the firewalls IP as seen from the router, sorry about that The external IPs cannot be statical because we definitely use PPPoE. The router has the external IP, yes. In case of wan2 that is, wan1 has the external IP directly assigned to it. Wan1 is not used at all according to those routes? That is very strange. There are static routes too if that helps: IP/Mask Gateway Device Distance Priority 0.0.0.0/0.0.0.0 192..168.2.1 wan1 5 0 0.0.0.0/0.0.0.0 192.168.99.1 wan2 5 0 The gateway 192.168.2.1 seems to be left over from when there was a router on wan1, too. I took this one out for simplicitys sake. Do I have to update this route somehow? My head is spinning, I guess I will have to do some serious reading.
ede_pfau
SuperUser
SuperUser

As seen from the Router Monitor, you have deleted the default route to 192.168.2.1? Please confirm. There is nothing wrong with making the router the default gateway. Have you made the router " transparent" to port 8080 traffic, i.e. created a port forwarding to .99.102? If not or if this is not configured correctly then no 8080 traffic ever reaches the FG. Have you checked that there are no ACLs (" firewall" ) on the router itself? I correct myself, wan1 is using PPPoE and has 2 IPs assigned to it. But as there is no default route pointing to wan1 it is not used for outgoing traffic to the internet. So I don' t think it interferes here. You can monitor traffic on wan1 with the bandwidth gadget (widget) on the Status page. This setup is more complicated than needed, with a transfer net between FG and router. Can' t you just put the router in modem mode (bridge) and handle the PPPoE login on the FG? You' ll see more, have dynDNS etc. The way it is set up now you' ll have to configure 2 devices everytime you change something.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors