Re: sonicwall soho3 and nat

From: Chris Comley (ccomley_at_gmail.com)
Date: 09/09/04

  • Next message: Francesco: "Kerio Personal Firewall and connection that I don't understand..." 
    Date: Thu, 09 Sep 2004 10:05:53 +0100

    "olivier HARO" <o.haro@en-compro.com> wrote:

    >Hello, I have a configuration problem with my SONICWALL SOHO3 firewall :
    >
    >I would like to make visible from INTERNET my web server on my network.
    >Here is my configuration :
    >
    >
    >INTERNET
    > |
    >modem router enicon ADSL (nat possibility) (Dynamic ip AND
    >192.168.1.1)
    > |
    >firewall sonicwall SOHO3 (192.168.1.2 AND 192.1.1.3)
    > |
    >WITCH 10/10Mbits
    > |
    >My IIS SERVER (192.1.1.5)
    >
    >
    >
    >Is it possible to do what I want (even if I have to make changes on my
    >network)?

    It's a little tricky because you're doing NAT twice and you would have
    to "map" the inward traffic twice. Doing this through the Sonciwall is
    easy - just create a "Public LAN Server" - on the "Access" page,
    "Services" tab, just fill in 192.1.1.5 in the publuic lan server
    column next to the "Web - HTTP)" row.

    But you now also have to make the same change to the Enicon - and I'm
    not familiar with that model so can't help. Remember that the
    "passthrough" destination for the port 80 traffic, as far as the
    *router* is concerned, is 192.168.1.2, the Sonic.

    Finally, as your public IP is dynamic, you will need to set up some
    way for anyone who needs to visit your website to know what IP it's
    on. DynamicIP may help, though it'll be easier if you get a fixed IP
    address.

    Whilst you're finding ouyt if your ISP will give you a fixed IP
    address, find out if they'll give you a block of four! This would give
    you a fixed IP address for the LAN side of the router and the WAN side
    of the sonicwall, so you could turn NAT *off* in the router and leave
    the Sonicwall to do it, this is much more straightfoward to deal with.
    i.e. you'd have something like

    Router - no nat
    217.146.1.1 (255.255.255.252)
    |
    217.146.1.2 (255.255.255.252)
    Sonicwall - NAT on
    192.168.1.1
    |
    192.168.1.100
    IIS server

    etc 

    ---
Wizards Ltd www.wizards.co.uk
UK supplier of Sonicwall, Watchguard, Zywall.
  • Next message: Francesco: "Kerio Personal Firewall and connection that I don't understand..."

    Relevant Pages

    • Re: Need to make sever IP cameras visible on the internet.
      ... I would purchase a SonicWall Firewall appliance first off. ... Put that Netopia DSL Router into Router mode and remove the DHCP from it and ... I would configure the SonicWall to do the NAT. ... the cameras deal with a NAT'd environment, ...
      (microsoft.public.backoffice.smallbiz)
    • Microsoft-WebDAV-MiniRedir/6.0.6001
      ... IIS Server behind a router is being hit internal machines which are alse ... I ran Microsoft OneCare utility and the misbehaving client machine....it did ... Any help on this Microsoft-WebDav-MiniRedir garbage? ...
      (microsoft.public.inetserver.iis.security)
    • passive ftp server
      ... the IIS server is behind a router and has an internal IP. ... The sysadmin of the router told me that my server has to responde with the external IP instead of it's internal IP?!? ... It is possible to set this in IIS7 but not in IIS6! ...
      (microsoft.public.inetserver.iis.ftp)
    • Is a firewall required...
      ... I have a Linksys WRT54GS Wi-Fi router and the firewall is enabled. ... which act as a IIS server is cabled to the router. ...
      (comp.security.firewalls)