Hi Community.
Could someone please explain to me why I can't get access to my server from the Internet...
I have no problems reaching the server from inside our LANs.
Every time I try to access it from outside the LANs I get the same error:
Typing the external address results in "Hmm, we couldn't open the site" - "Make sure you have the right webaddress: https://152.115.XX.XXX", even though I type the address without https.
Attaching the config.boot file here
/* EdgeOS (Vyatta-style) config.boot: zone-based firewall for the WAN, LAN, DMZ and LOCAL zones, with destination-NAT port forwards from eth0 (WAN) to the DMZ host 192.168.2.45. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name DMZ-to-LAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    name DMZ-to-LOCAL {
        default-action drop
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            log enable
            state {
                invalid enable
            }
        }
        rule 600 {
            action accept
            description "Allow DNS querries"
            destination {
                port 53
            }
            protocol tcp_udp
            state {
                new enable
            }
        }
    }
    name DMZ-to-WAN {
        default-action drop
        enable-default-log
        /* NOTE(review): despite the description, this rule also sets "new enable", so it accepts every new connection from the DMZ to the WAN; the same pattern appears in LAN-to-DMZ, LAN-to-WAN and LOCAL-to-WAN. Confirm unrestricted egress from the DMZ is intended. */
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                new enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    /* NOTE(review): default-action is accept, and this rule set is bound only as "out" on eth1 vif 100 (see interfaces). Rule 2 matches source 192.168.100.0/24, which looks like it was meant for traffic arriving from the guest VLAN - confirm the direction actually isolates guests from 192.168.0.0/16. */
    name GuestVLAN100 {
        default-action accept
        description ""
        rule 1 {
            action accept
            description "Apple TV"
            destination {
                address 192.168.1.38
            }
            log disable
            protocol all
            source {
                mac-address
            }
        }
        rule 2 {
            action drop
            destination {
                address 192.168.0.0/16
            }
            log disable
            protocol all
            source {
                address 192.168.100.0/24
            }
        }
    }
    name LAN-to-DMZ {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                new enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    /* Router management from the LAN: HTTPS GUI (443), DNS (53) and SSH (22) are the only new connections accepted. */
    name LAN-to-LOCAL {
        default-action drop
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            log enable
            state {
                invalid enable
            }
        }
        rule 200 {
            action accept
            description "Allow HTTPS GUI"
            destination {
                port 443
            }
            log enable
            protocol tcp
            state {
                new enable
            }
        }
        rule 600 {
            action accept
            description "Allow DNS querries"
            destination {
                port 53
            }
            protocol tcp_udp
            state {
                new enable
            }
        }
        rule 800 {
            action accept
            description "SSH management"
            destination {
                port 22
            }
            protocol tcp
            state {
                new enable
            }
        }
    }
    name LAN-to-WAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                new enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    name LOCAL-to-DMZ {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    name LOCAL-to-LAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    name LOCAL-to-WAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                new enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    /* Inbound Internet traffic to the DMZ. These rules match the post-DNAT address and port (destination NAT is applied before the firewall rule set on EdgeOS), so each accept rule must agree with the inside-address of the matching nat rule. */
    name WAN-to-DMZ {
        default-action drop
        enable-default-log
        rule 10 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
        /* Pairs with nat rule 100 (WAN tcp/80 -> 192.168.2.45:80). The empty "source { group { } }" node carries no match criteria here. */
        rule 30 {
            action accept
            description "HTTP access"
            destination {
                address 192.168.2.45
                port 80
            }
            log enable
            protocol tcp
            source {
                group {
                }
            }
            state {
                established disable
                invalid disable
                new enable
                related disable
            }
        }
        /* NOTE(review): the only DNAT rule that yields 192.168.2.45:443 is nat rule 200, which listens on WAN port 314. No nat rule forwards WAN tcp/443, so a browser that switches to https://<WAN address> on the default port matches no forward and ends up in WAN-to-LOCAL (default drop). */
        rule 40 {
            action accept
            description "HTTPS access"
            destination {
                address 192.168.2.45
                port 443
            }
            log enable
            protocol tcp
            state {
                new enable
            }
        }
        /* Rate limit: drops new SSH connections matching "recent count 3 time 30" before rule 60 is evaluated. */
        rule 50 {
            action drop
            description "Limit inbound SSH connections"
            destination {
                port ssh
            }
            protocol tcp
            recent {
                count 3
                time 30
            }
            state {
                new enable
            }
        }
        /* NOTE(review): this accepts SSH to 192.168.2.40, but nat rule 600 (WAN tcp/1337) translates to 192.168.2.45:22. The addresses do not match, so the forwarded SSH traffic falls through to default-action drop - confirm which host is intended. */
        rule 60 {
            action accept
            description "SSH access"
            destination {
                address 192.168.2.40
                port 22
            }
            log enable
            protocol tcp
            state {
                new enable
            }
        }
    }
    name WAN-to-LAN {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    /* Nothing new is accepted from the WAN to the router itself; only replies to router-originated traffic pass. */
    name WAN-to-LOCAL {
        default-action drop
        enable-default-log
        rule 1 {
            action accept
            description "Established/related connections"
            protocol all
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "State invalid"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path source validation is off; consider whether strict or loose validation fits this topology as an anti-spoofing measure. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 152.115.XX.XXX/24
        description WAN
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        poe {
            output off
        }
        speed auto
        /* NOTE(review): vif 100 is not listed as an interface of any zone in zone-policy and relies on the per-interface GuestVLAN100 rule set alone - verify how guest traffic is treated alongside the zone policy. */
        vif 100 {
            address 192.168.100.1/24
            description "Guest/IoT VLAN"
            firewall {
                out {
                    name GuestVLAN100
                }
            }
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description DMZ
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        description "Local Free 3"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description "Local Free 4"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address dhcp
        description "Local 2"
        mtu 1500
        switch-port {
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
service {
    dhcp-server {
        disabled false
        dynamic-dns-update {
            enable true
        }
        hostfile-update disable
        shared-network-name DMZ_DHCP {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.254
                }
                /* Pins the port-forward target (VM-04) to 192.168.2.45, the inside-address used by nat rules 100, 200 and 600. */
                static-mapping VM-04 {
                    ip-address 192.168.2.45
                    mac-address
                }
            }
        }
        shared-network-name GuestVLAN100 {
            authoritative disable
            subnet 192.168.100.0/24 {
                default-router 192.168.100.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 192.168.100.50 {
                    stop 192.168.100.200
                }
            }
        }
        shared-network-name LAN_DHCP {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.254
                }
                unifi-controller 192.168.1.38
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 200
            listen-on eth1
            listen-on eth2
        }
    }
    /* NOTE(review): the management GUI is bound to the LAN address only, but "older-ciphers enable" keeps legacy TLS cipher suites available - disable it if every admin browser supports current ciphers. */
    gui {
        http-port 80
        https-port 443
        listen-address 192.168.1.1
        older-ciphers enable
    }
    nat {
        /* WAN tcp/80 -> 192.168.2.45:80; permitted by WAN-to-DMZ rule 30. */
        rule 100 {
            description "Web access to DMZ"
            destination {
                port 80
            }
            inbound-interface eth0
            inside-address {
                address 192.168.2.45
                port 80
            }
            log enable
            protocol tcp
            source {
            }
            type destination
        }
        /* NOTE(review): HTTPS is published on WAN port 314, not 443, so the server is reachable over TLS from outside only as https://<WAN address>:314. */
        rule 200 {
            description "Web access to DMZ"
            destination {
                port 314
            }
            inbound-interface eth0
            inside-address {
                address 192.168.2.45
                port 443
            }
            log enable
            protocol tcp
            type destination
        }
        /* NOTE(review): forwards WAN tcp/1337 to SSH on 192.168.2.45, while WAN-to-DMZ rule 60 permits SSH to 192.168.2.40 only. If the forward is wanted, restrict it by source address and use key-only authentication on the host. */
        rule 600 {
            description "SSH access to DMZ"
            destination {
                port 1337
            }
            inbound-interface eth0
            inside-address {
                address 192.168.2.45
                port 22
            }
            log enable
            protocol tcp
            type destination
        }
        rule 5000 {
            description "WAN masquerade"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        disable-password-authentication
        port 22
        protocol-version v2
    }
}
system {
    gateway-address 152.115.XX.XXX
    host-name ubnt
    login {
        /* NOTE(review): the only account shown is "ubnt" with level admin; consider a differently named admin account. The password hash is redacted in this post. */
        user ubnt {
            authentication {
                encrypted-password xxxxxxxxxxxxxxxxxxxxxxxx.
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 83.136.89.6
    name-server 83.136.89.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Copenhagen
}
/* Binds each rule set above to a zone pair: "zone X { from Y { firewall name Y-to-X } }" filters traffic entering zone X from zone Y. */
zone-policy {
    zone DMZ {
        default-action reject
        from LAN {
            firewall {
                name LAN-to-DMZ
            }
        }
        from LOCAL {
            firewall {
                name LOCAL-to-DMZ
            }
        }
        from WAN {
            firewall {
                name WAN-to-DMZ
            }
        }
        interface eth2
    }
    zone LAN {
        default-action drop
        from DMZ {
            firewall {
                name DMZ-to-LAN
            }
        }
        from LOCAL {
            firewall {
                name LOCAL-to-LAN
            }
        }
        from WAN {
            firewall {
                name WAN-to-LAN
            }
        }
        interface eth1
    }
    zone LOCAL {
        default-action reject
        from DMZ {
            firewall {
                name DMZ-to-LOCAL
            }
        }
        from LAN {
            firewall {
                name LAN-to-LOCAL
            }
        }
        from WAN {
            firewall {
                name WAN-to-LOCAL
            }
        }
        local-zone
    }
    zone WAN {
        default-action reject
        from DMZ {
            firewall {
                name DMZ-to-WAN
            }
        }
        from LAN {
            firewall {
                name LAN-to-WAN
            }
        }
        from LOCAL {
            firewall {
                name LOCAL-to-WAN
            }
        }
        interface eth0
    }
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */
Looking forward to reading your reply, as this is driving me crazy.