I've got a block of 5 IPs from Comcast, but I can't get them forwarded properly to internal hosts. I want 50.196.239.227 to forward to my internal server, which is set up as 192.168.1.101. Following a previous forum post, I've added a firewall exception and set up Destination NAT and Source NAT rules, but no traffic is getting through. We are trying to use SSH, which works internally but not externally over the public internet. My router config is attached. Please advise. Thanks. We will also want to do the same for 50.196.239.228 and forward that to 192.168.2.102.
/* Router configuration as posted, re-indented one statement per line.
 * Review comments mark settings that bear on the failed forward or on
 * what the router exposes to the WAN; no setting has been changed. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* WAN_IN is bound to eth1 "in" below: traffic arriving from the
     * Internet that is forwarded through the router to internal hosts. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        /* NOTE(review): rule 10 accepts every protocol and port to
         * 192.168.2.101 and has no state match, so it is evaluated before
         * the invalid-state drop in rule 30. If only SSH is meant to be
         * reachable, narrow this to tcp with destination port 22.
         * The post names 192.168.1.101 as the server, but every rule here
         * uses 192.168.2.101 - confirm which address is intended. */
        rule 10 {
            action accept
            description "Allow Web Server"
            destination {
                address 192.168.2.101
            }
            log disable
            protocol all
        }
        /* Return traffic for connections that are already tracked. */
        rule 20 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            state {
                invalid enable
            }
        }
    }
    /* WAN_LOCAL is bound to eth1 "local" below: traffic addressed to the
     * router itself. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        /* NOTE(review): 192.168.2.101 is not one of the router's own
         * addresses in this config, so this rule presumably never matches
         * traffic handled by a "local" ruleset; forwarded traffic is
         * filtered by WAN_IN instead. It looks removable - verify. */
        rule 10 {
            action accept
            description "Web Server Inbound"
            destination {
                address 192.168.2.101
            }
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 20 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): source-validation is disabled, so no reverse-path
     * check is applied to incoming packets. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
    }
    /* WAN interface: carries all five public addresses of the /29 and is
     * the only interface with firewall rulesets attached. */
    ethernet eth1 {
        address 50.196.239.225/29
        address 50.196.239.226/29
        address 50.196.239.227/29
        address 50.196.239.228/29
        address 50.196.239.229/29
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.21 {
                    stop 192.168.1.240
                }
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.21 {
                    stop 192.168.2.240
                }
                /* Fixed lease for the server that the NAT and firewall
                 * rules refer to. */
                static-mapping webserver {
                    ip-address 192.168.2.101
                    mac-address 00:1e:4f:29:97:32
                }
            }
        }
    }
    /* DNS forwarder listens on the two LAN interfaces only. */
    dns {
        forwarding {
            cache-size 150
            listen-on eth0
            listen-on eth2
        }
    }
    /* NOTE(review): the GUI is also served over plain HTTP on port 80 and
     * older-ciphers is enabled, which presumably permits legacy TLS cipher
     * suites on the management interface - confirm it is still needed. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        /* NOTE(review): the two addresses in this destination-NAT rule
         * look swapped. "destination address" is what the packet carries
         * when it arrives on eth1 (the public address), and
         * "inside-address" is the internal host it is rewritten to. As
         * written, the rule matches packets already addressed to
         * 192.168.2.101 and rewrites them to 50.196.239.227, so traffic
         * sent to the public address is never translated. Expected form:
         * destination 50.196.239.227, inside-address 192.168.2.101.
         * "protocol all" forwards every protocol; for SSH only, restrict
         * the rule to tcp and destination port 22 so the host's other
         * services are not published. */
        rule 1 {
            description ".227 to .101 - Web Server"
            destination {
                address 192.168.2.101
            }
            inbound-interface eth1
            inside-address {
                address 50.196.239.227
            }
            log disable
            protocol all
            type destination
        }
        /* Source NAT: traffic from 192.168.2.101 leaving via eth1 is
         * rewritten to 50.196.239.227. */
        rule 5000 {
            description ".101 to CC.227 - Web Server"
            log disable
            outbound-interface eth1
            outside-address {
                address 50.196.239.227
            }
            protocol all
            source {
                address 192.168.2.101
            }
            type source
        }
        /* Everything else leaving via eth1 is masqueraded. */
        rule 5001 {
            outbound-interface eth1
            type masquerade
        }
    }
    /* NOTE(review): UPnP is enabled for eth2, the same LAN as the
     * published server. Hosts there can presumably request inbound port
     * mappings on eth1 without an administrator adding a rule - confirm
     * this is wanted alongside manually managed forwards. */
    upnp {
        listen-on eth2 {
            outbound-interface eth1
        }
    }
}
/* The system section is cut off in this listing; only the statements
 * below are visible. */
system {
    conntrack {
        expect-table-size 2048
        hash-size 32768
        modules {
            sip {
                disable
            }
        }
        table-size 262144
    }
    gateway-address 50.196.239.230
/* Release version: v1.8.5.4884695.160608.1057 */