Using core 9.00.00 to access a webserver

Revo

Post by Revo » 16 Apr 2008, 08:25

Hi,

When I try to access a webserver through Clavister I get a message "SSH-2.0-1" in the browser. I have a SAT, Allow rule as explained in the how-tos.
This is what I want to do:

From WAN to 10.16.0.28 (a webserver)

I have changed the port in the Clavister advance to 8080, and disabled http access.
Does anyone have any suggestions, or do you want me to explain more?

Thanks in advance ;)

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: Using core 9.00.00 to access a webserver

Post by Peter » 16 Apr 2008, 09:03

Where are you connecting from? If you connect from the internal network it won't work; then you need to either modify the Allow rule to only trigger for external traffic (to make the "normal" NAT outbound rule trigger for internal) or add a NAT between the SAT and Allow rule for internal traffic.

Example:

Normal SAT rule:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Allow Any All-nets Any ip_wan https

Solution #1:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Nat lan lannet any ip_wan https
    Allow Any All-nets Any ip_wan https

Solution #2:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Allow wan All-nets Any ip_wan https

/Peter

Revo

Re: Using core 9.00.00 to access a webserver

Post by Revo » 16 Apr 2008, 12:17

Peter wrote: Where are you connecting from? If you connect from the internal network it won't work; then you need to either modify the Allow rule to only trigger for external traffic (to make the "normal" NAT outbound rule trigger for internal) or add a NAT between the SAT and Allow rule for internal traffic.

Example:

Normal SAT rule:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Allow Any All-nets Any ip_wan https

Solution #1:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Nat lan lannet any ip_wan https
    Allow Any All-nets Any ip_wan https

Solution #2:
    Sat Any All-nets Any ip_wan https SetDest=10.16.0.28
    Allow wan All-nets Any ip_wan https

/Peter

I can connect through my internal net. It is when I try to connect through the ext net. My rules are the following. Note that I only use http and not https:

Sat Any All-nets Any ip_wan http SetDest=10.16.0.28
Nat lan lannet any ip_wan http
Allow Any All-nets Any ip_wan http

I will try to put some logs in this thread when I get some time.

/Revo

Revo

Re: Using core 9.00.00 to access a webserver

Post by Revo » 17 Apr 2008, 16:13

I have now attached the rule and some logs.
Any suggestions :?:

/Revo

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: Using core 9.00.00 to access a webserver

Post by Peter » 18 Apr 2008, 08:22

What exactly are you trying to accomplish? Are you trying to forward all web traffic to a proxy as in How To -> http://www.clavister.com/support/kb/10009 ?

Local_Undelivered means that the SGW has received a packet, picked it up, but then has no idea where to send it. An example would be a SAT rule without a matching Allow or Nat rule.

Keep in mind that if the destination IP address is an interface address of the SGW, the destination interface will not be if2, but Core.

danilovav
Posts: 181
Joined: 10 May 2009, 08:16
Location: Moscow, Russia

Re: Using core 9.00.00 to access a webserver

Post by danilovav » 06 Sep 2011, 20:01

In SAT chain, destination interface should be core
BR, Alexandr Danilov
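
The interface-matching point made in the replies above, as an added example that is not part of the original thread and is not Clavister's rule engine: a simplified first-match model in Python. The 203.0.113.10 address standing in for ip_wan, the single routed interface if2, `any` covering core, and the "no_match" verdict are assumptions of this sketch.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the thread):
IP_WAN = ip_address("203.0.113.10")   # stands in for ip_wan
GATEWAY_IPS = {IP_WAN}                # addresses owned by the gateway itself

def dest_iface(dst):
    """Traffic addressed to a gateway-owned IP is destined for 'core', not if2."""
    return "core" if dst in GATEWAY_IPS else "if2"

def matches(rule, src_if, dst_if, dst, port):
    # Assumption of this model: 'any' also covers the core interface.
    return (rule["src_if"] in ("any", src_if)
            and rule["dst_if"] in ("any", dst_if)
            and dst in rule["dst_net"]
            and port == rule["port"])

def evaluate(rules, src_if, dst, port):
    """Return (verdict, final destination) for one new connection."""
    dst = ip_address(dst)
    dst_if = dest_iface(dst)
    sat = None
    for rule in rules:
        # Later rules are still matched against the original destination,
        # as in the thread's rule sets (Allow ... ip_wan after the SAT).
        if not matches(rule, src_if, dst_if, dst, port):
            continue
        if rule["action"] == "sat":
            sat = sat or rule         # remember translation, keep searching
        else:
            return rule["action"], (sat["set_dest"] if sat else str(dst))
    # SAT matched but no Allow/NAT followed: the case Peter describes.
    return ("Local_Undelivered" if sat else "no_match"), None

def rule(action, src_if, dst_if, set_dest=None):
    return {"action": action, "src_if": src_if, "dst_if": dst_if,
            "dst_net": ip_network("203.0.113.10/32"), "port": 80,
            "set_dest": set_dest}

# Both rules name if2 as destination interface: nothing matches.
BOTH_IF2 = [rule("sat", "any", "if2", "10.16.0.28"), rule("allow", "any", "if2")]
# SAT names core but the Allow still names if2: SAT without a matching Allow.
SAT_ONLY = [rule("sat", "any", "core", "10.16.0.28"), rule("allow", "any", "if2")]
# Both rules name core: translated and allowed.
BOTH_CORE = [rule("sat", "any", "core", "10.16.0.28"), rule("allow", "any", "core")]

if __name__ == "__main__":
    for name, rs in [("if2/if2", BOTH_IF2), ("core/if2", SAT_ONLY), ("core/core", BOTH_CORE)]:
        print(name, evaluate(rs, "wan", "203.0.113.10", 80))
```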
