PING, but no access to GUI Server

whitetiger · 15 May 2020 11:33

In a new LAN, I have this network.

(Public Address)
Router
192.168.43.2

192.168.43.3
(Red NIC)
IPFIRE – (Orange NIC) 192.168.113.1 -------- 192.168.113.11 (Server)
(Green NIC)
192.168.111.1

192.168.111.101
My PC

From MyPC I’m able to do the PING on every address, but not to do http://192.168.113.11
Instead, if I change the static address of my PC’s NIC to 192.168.113.101 and insert the cable directly into the server or in its switch I can access the GUI with the same URL.

The server is configured with
192.168.113.11/24
Gtw: 192.168.113.1
DNS 8.8.8.8,8.8.4.4

In IPFire there is installed

IDS on Green
Guardian
Clamav + Squidclamav
Proxy Web + SARG
URL Filter
Update accelerator

I also tried creating two rules in the firewall

From Green
To 192.168.113.11
HTTP / HTTPS presets
Accept

pmueller · 15 May 2020 16:16

Hi,

From MyPC I’m able to do the PING on every address, but not to do http://192.168.113.11

you probably need a to configure firewall rule for allowing this.

Are there any firewall log entries in this case?

Thanks, and best regards,
Peter Müller

whitetiger · 16 May 2020 11:13

I have put the rule; I wrote it before.
Obviously it is not enough.

But I don’t understand why I from the LAN (Green) I can access in the DMZ (Orange) for example the SQL server, the Remote Desktop and other services without the need for rules.
And instead for port 80 I have to write one.
I believed that from the LAN (Green) I could access to DMZ (Orange) without problems and that the rules were necessary for access from Internet (Red).

anon42188109 · 16 May 2020 15:37

I think you have the wrong Gateway on the orange network …
green -> orange is allowed by default, the opposite needs pinholes.

whitetiger · 16 May 2020 16:48

Right now I’m not near the firewall, but, if I remember correctly, in the setup I can define:

IP and Netmask of Green and Orange.
IP, Netmask, Gateway and DNS for Red.

There is no gateway for Orange.

Then, on the machines located in the Orange, I have to put:

a static address
the Gateway to the Orange NIC on IPFire
the public DNS, like 8.8.8.8

whitetiger · 17 May 2020 16:52

==== Update ===
I confirm the IP Address of the server:
192.168.113.11/24
Gtw: 192.168.113.1
DNS: 8.8.8.8

I’m not able to access with http from a PC in Green, but only from a PC in Orange

IP-DMZ

pike_it · 17 May 2020 17:06

Maybe some of the rules do not allow access from green to Web Interface?

whitetiger · 18 May 2020 08:11

Found and solved!
The problem is related to Network Based Access Control.
By moving IPFire from the test network to the production network and therefore changing the addresses of the Green and Orange areas, the old address remains in the field Allowed subnets.
Changed this with the new subnet address, I am unable to access the server again.