Firewall Port Forwards fail

I am new to IPFire and have been unable to figure something out. I need to forward some ports from RED to GREEN and have not been able to get it to work. I started with the docs at the URL below. Can anyone point me in the right direction?

I don’t know exactly what you configured.

For port forwarding you can think of the following scenario:

  • clients on the WAN want to access a web server in your LAN
  • they send packets to <your public IP>:80
  • your internal web server listens on port 8900
  • port forwarding makes the connection
    • source: Any (the WAN)
    • destination NAT
    • destination : internal web server address
    • protocol: TCP, destination port 8900, external port 80

If your web server is accessible on port 8900 from outside, you can leave the external port blank.

Thanks for your input. I understand the process of what should be happening. There should be a screenshot attached that shows one of the configurations I tried.

In the destination section you may have to select the correct “red” external IP address. It is over next to the firewall box, on the right side.
Mail servers have other nuances.
You may need an SNAT rule.
As a side note, they added a default rule to block some mail traffic. You will need to remove it.

Their rule appears to block all outbound port 25 traffic. It is disabled.
If I understand correctly, I made the change you suggested. If I’m looking at the logs correctly, inbound failed with an error of DROP_CTINVALID. I tried an additional change (see attachment) which failed with DROP_INPUT. This is very frustrating as it’s not rocket science.



You changed too much.
Source is any or red.
Destination is the IP of the mail server.
NAT should have the red IP associated with the mail server's red IP, if you have multiple red IP addresses.

In the ‘protocol’ section, the source port must be blank!

With the config shown only packets
<some public IP>:25 → <your public IP>:25
are allowed.


After creating the Port Forward rule did you press the green “Accept Changes” button at the top of the Firewall Rules page?

3 Likes

A very good question. It appears that I did not. It’s working now. It makes me wonder how many other times that happened. I feel like a complete idiot. Thanks go to everyone for the support!
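
An added example, not part of the original thread and not IPFire's own code: a simplified Python model of the port-forward matching described in the replies above, showing why a rule with source port 25 filled in never matches a real SMTP client while the same rule with a blank source port forwards it. The addresses, the `Packet` and `ForwardRule` names and the `forward` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class ForwardRule:
    red_ip: str                          # public (RED) address the rule is bound to
    internal_ip: str                     # server on GREEN
    dest_port: int                       # port the internal server listens on
    external_port: Optional[int] = None  # blank = same as dest_port
    source_port: Optional[int] = None    # blank = any source port
    proto: str = "tcp"


def forward(rule: ForwardRule, pkt: Packet) -> Optional[Tuple[str, int]]:
    """Return (ip, port) after destination NAT, or None if the rule does not match."""
    listen_port = rule.dest_port if rule.external_port is None else rule.external_port
    if (pkt.proto, pkt.dst_ip, pkt.dst_port) != (rule.proto, rule.red_ip, listen_port):
        return None
    # A filled-in source port restricts the CLIENT side of the connection.
    if rule.source_port is not None and pkt.src_port != rule.source_port:
        return None
    return (rule.internal_ip, rule.dest_port)


# Constructed sample data (documentation address ranges, hypothetical hosts).
RED_IP = "203.0.113.10"
WEB = ForwardRule(RED_IP, "192.168.1.20", dest_port=8900, external_port=80)
MAIL_BROKEN = ForwardRule(RED_IP, "192.168.1.25", dest_port=25, source_port=25)
MAIL_FIXED = ForwardRule(RED_IP, "192.168.1.25", dest_port=25)

# A remote mail server connects from an ephemeral source port, not from 25.
SMTP_IN = Packet("198.51.100.7", 49152, RED_IP, 25)
HTTP_IN = Packet("198.51.100.7", 51000, RED_IP, 80)

if __name__ == "__main__":
    print("web        :", forward(WEB, HTTP_IN))
    print("mail broken:", forward(MAIL_BROKEN, SMTP_IN))
    print("mail fixed :", forward(MAIL_FIXED, SMTP_IN))
```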