Port Forwarding looks OK but not able to access website

Security Firewall Rules
1

RED and GREEN are my private network. Log suggest that FORWARDING is ok, but somehow I am not able to see response in RED network. I am missing something basic here?

Below is how

  1. my setup looks like and logs are for accessing GREEN website from RED
  2. my firewall PORT Forwarding rule look like:
    image
    image681×913 67.9 KB

Other Debug Info:

  1. on GREEN network: cURL 192.168.0.31 >>>> returns “hello world!”.
  2. [PROBLEM] on RED network: cURL 172.17.2.172 >>>> Failed to connect 172.17.2.172 port 80: Operation timed out — after port forwarding, I am expecting machine in RED n/w also gives me response same as above from machine in GREEN n/w
  3. on RED network: ping 172.17.2.172 >>>> OK. 4 packets transmitted. 4 packets received. 0% packet loss.
2

I think you need External Port (NAT) filled in.

3

as suggested, I tried with below changes, but still not able to access from RED:

  1. in firewall rule, updated External Port (NAT) to 54000
  2. i have change website port from default(80) to 7000
  3. i opened this port 7000 on hosted linux machine (192.168.0.31)
  4. to make sure website still working, i tested it’s from IPFire machine(192.168.0.1[GREEN]/172.17.2.172[RED]). I used curl 192.168.0.31:7000, and I can see response
  5. 172.17.2.88 still not able to access website

image
image671×848 58 KB

4

Http://172.17.2.88:54000
Should work
Try standard network RED.

5

didn’t work either. thanks @hvacguy anyways. do I have to open port manually? Can below info be helpful:

From GREEN n/w

nmap 192.168.0.1

Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-06 20:35 CST
Nmap scan report for wall (192.168.0.1)
Host is up (0.00020s latency).
rDNS record for 192.168.0.1: ****
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
81/tcp open hosts2-ns
444/tcp open snpp

form RED n/w

nmap 172.17.2.172

Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-06 20:52 CST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

ping 172.17.2.172

PING 172.17.2.172 (172.17.2.172) 56(84) bytes of data.
64 bytes from 172.17.2.172: icmp_seq=1 ttl=64 time=3.33 ms
64 bytes from 172.17.2.172: icmp_seq=2 ttl=64 time=3.03 ms
— 172.17.2.172 ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 3.033/3.183/3.333/0.150 ms