ATP 100 doesn't forward ports

october_web
october_web Posts: 7
Friend Collector
in Security
Hello, everyone,
on an APT 100, I configured the NAT rules, policy control, in the log I see that an access forward was performed, but I can't reach my web server at port 80.
If I try to reach my web server internally it works.

Accepted Solution

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Answer ✓
    Your windows installation have only 1 gateway, currently FreeBSD.
    Windows receives packets from ATP100 (at least, should) but it will ask to FreeBSD (and not to ATP 100) to deliver answers, according to the network configuration.
«1

All Replies

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Does your webserver allows access outside the local network segment?
  • october_web
    october_web Posts: 7
    Friend Collector
    Yes, because it is already externally accessible from another wan 
  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Do you have two routers/Firewall?
    The ATP100 and the "another wan"?
  • PeterUK
    PeterUK Posts: 3,316  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited August 2022
    Does the APT 100 on the WAN have the WAN IP?

    Do a port scan to 80
    GRC | Port Authority, for Internet Port 80
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 874  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @october_web,
    Have you enabled "NAT loopback" ? 

    In order to clarify issue, Please kindly provide the topology with IP address. 
    Thank you
    Kevin
  • october_web
    october_web Posts: 7
    Friend Collector
    So,
    I have two Public IP and two Firewalls
    I did a scan, but port 80 does not appear to be open.
    Enable NAT Lookup is enabled.

    The public IP is 109.238.24.174


  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    mMontana said:
    Do you have two routers/Firewall?
    The ATP100 and the "another wan"?
    Would you please, @october_web, tell me if you have two devices for WAN connection (the ATP 100 and another device)?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 874  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @october_web,
    1) Did you have another device on the WAN side ?
    2) Could you capture the LAN/WAN side packet  ?
    3) Please check internal server have port listened.
    Or we can have remote session for quikly check . Thank you
    Kevin

  • october_web
    october_web Posts: 7
    Friend Collector
    mMontana said:
    mMontana said:
    Do you have two routers/Firewall?
    The ATP100 and the "another wan"?
    Would you please, @october_web, tell me if you have two devices for WAN connection (the ATP 100 and another device)?
    yes
  • october_web
    october_web Posts: 7
    Friend Collector
    edited August 2022
    Zyxel_Kevin said:
    Hi @october_web,
    1) Did you have another device on the WAN side ? - NO
    2) Could you capture the LAN/WAN side packet  ? - how can I do it?
    3) Please check internal server have port listened. - port is listening
    Or we can have remote session for quikly check . Thank you
    Kevin

    I'm on holiday now, if I can't solve it when I get back. Thanks

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)