Hi all, my name is Irwan, from Indonesia.
I have a problem setting up 1:1 NAT on our server.
We have VLANs configured from a Cisco router, and route internet traffic to the DMZ.
We have a FortiGate as our firewall (using 2 WAN ports, 1 LAN port and a DMZ port).
On our Fortinet, we had no problem configuring 1:1 NAT to our servers in other VLANs, but today our Fortinet is dead (hardware failed to boot).
Right now, we have configured NethServer with 4 Ethernet cards (2 WAN, 1 LAN and 1 DMZ).
Internet access from users (VLAN 1 and other VLANs) is routed through the DMZ with no problem, but when configuring 1:1 NAT for web servers, only the server in VLAN 1 works fine; for servers in other VLANs (let's say VLAN 10), NAT is not working (only the server in VLAN 1 can be accessed by public IP).
Is there any suggestion for this?
PS: Sorry for my English, hopefully it is not too bad.
Update: still cannot access this server.
I checked the firewall log and found this:
Sep 17 14:04:12 FW-RS1 kernel: Shorewall:net2orang:DROP:IN=eth2 OUT=eth3 SRC=139.228.224.239 DST=172.25.34.1 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=48343 DF PROTO=TCP SPT=51418 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
SRC=139.228.224.239 : is my other ISP, beyond my NethServer
DST=172.25.34.1 : is my target local IP (NATed with public IP 202.xxx.xxx.xxx) on VLAN 10 (in my picture it is 172.25.34.4)
ETH2 : WAN2 on my NethServer
ETH3 : DMZ zone
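
Added example, not part of the original post: a small Python parser for the Shorewall log line quoted above, assuming the default `Shorewall:<chain>:<disposition>:` log prefix. The function names are hypothetical, and the only input is the line from the post.

```python
import re

# Log line copied from the post above (the only sample input).
SAMPLE = ("Sep 17 14:04:12 FW-RS1 kernel: Shorewall:net2orang:DROP:IN=eth2 OUT=eth3 "
          "SRC=139.228.224.239 DST=172.25.34.1 LEN=60 TOS=0x00 PREC=0x00 TTL=53 "
          "ID=48343 DF PROTO=TCP SPT=51418 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0")

# Assumed default Shorewall log prefix: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_shorewall(line):
    """Return a dict for a Shorewall kernel log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"], "flags": []}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val              # KEY=value fields (IN, OUT, SRC, DST, ...)
        elif tok in TCP_FLAGS:
            rec["flags"].append(tok)    # bare TCP flag tokens; DF etc. are skipped
    return rec


def summarize(rec):
    """One-line reading of a parsed record for triage."""
    new_conn = rec["flags"] == ["SYN"]  # SYN without ACK opens a connection
    # Both interfaces set means the packet was being forwarded, not delivered locally.
    direction = "forwarded" if rec.get("IN") and rec.get("OUT") else "local"
    return (f"{rec['action']} in chain {rec['chain']}: {direction} {rec.get('PROTO')} "
            f"{rec.get('SRC')}:{rec.get('SPT')} -> {rec.get('DST')}:{rec.get('DPT')} "
            f"({rec.get('IN')} -> {rec.get('OUT')}), new connection: {new_conn}")


if __name__ == "__main__":
    print(summarize(parse_shorewall(SAMPLE)))
```

For the line in the post this reports a new TCP connection to port 80, forwarded from eth2 to eth3 and dropped in chain net2orang, with DST already showing the private address 172.25.34.1 rather than the public one.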