Hello everyone,
I will need a little help
I can’t join machines in vlans in a CGU from internet
I have attached a diagram of my network architecture and also the configuration of my ipfire, but I can’t find the trick.
Thanks to you.
I might be wrong, but you need a double NAT there, as you have a second router. From RED to 192.1681.101 and from there you need your router to do another NAT. It might not be optimal to have a double NAT. Also, I do not understand the CGU part of the traffic. I do not know what it is and why it can communicate with the other VLANs without going through IPFire. As you can see, I am not very knowledgeable.
1 Like
Hello
To summarize, a cgu is a private network managed by a third party (fiber optic provider) but it does not block any flow.
It is a private network on a public infrastructure
greetings
Hello for the second time 
I just realized that the port translation was not working …
Or I made a mistake which is more likely
I have configured an access as shown on the attached image, but I can’t access the machine from the internet.
Where is my error?
thanks
If a CGU is converting a public IP for your ISP into multiple private IP addresses then I am not sure that you can access your machines from the internet.
Does your ISP provide you with a unique domain name/hostname to access from the internet that it then converts in its CGU to your specific private IP that is assigned to your IPFire.
The ISP effectively needs to do a NAT port forward on its CGU for all its customers that want to access their machines from the Internet.
In terms of the rule, when you try and access that machine from the internet are you specifically adding 2855 as the port address onto the URL you are using. If not then leave the source port blank as it can otherwise vary unless you have explicitly specified it in the URL by adding:2855 at the end of the URL string.
2 Likes
Hello @bonnietwin
Thanks for the answers.
I will check with my provider for the CGU
On the other hand for the 2855, indeed I specify it in the url when I want to connect, but I can’t reach the machine behind ipfire, that’s why I block and I ask for a little help
Sincerely
I suspect that this is because of the CGU.
CGU sounds very much like Carrier Grade NAT (CGN)
https://en.wikipedia.org/wiki/Carrier-grade_NAT
In the disadvantages section of that link it mentions that CGN usually prevents ISP customers from using port forwarding. You can define a port forward in your IPFire but another port forward is required in the CGN because the use of CGN gives a double NAT effect.
What do the initials CGU stand for. I have not been able to find anything except an American university, info on Cash Generating Units or sites on insurance. I suspect it is the French equivalent of CGN.
If it is then you are very unlikely to be able to port forward into your IPFire except by requesting a public IP from your ISP.
4 Likes
this may be the same thing I ran into:
no solution…