Route traffic Green -> Red -> (NAT) Green?

Here’s my setup:

Red: 10.0.0.1
Green: 172.16.0.1
IMAP server on Green: 172.16.0.2

My external Red IP’s FQDN is “mynetwork.org”, for example.

I have a firewall rule to allow traffic destined for 10.0.0.1 port 993 to be NATed to 172.16.0.2 port 993.

My email client on my laptop is configured to connect to “mynetwork.org” port 993 for IMAP.

When I’m outside of my network (i.e. coming from the public internet), my email client has no problem reaching the IMAP server on 172.16.0.2.

When I’m inside of my network (i.e. laptop on Green), my email client cannot reach the IMAP server.

In both cases (laptop is external, laptop is internal), the FQDN resolves to 10.0.0.1, as expected.

What do I need to do for traffic from Green, destined for 10.0.0.1 port 993, to be correctly forwarded back into Green 172.16.0.2 port 993?

Thanks!
-Paul

Good morning and happy day @r33p!!!

Ok, your router does not know how to get to 172.16.0.2 directly but to the WAN IP of IPFire. You must create a “DMZ Host” in the router to redirect all requests to your Public IP to the IPFire WAN interface. I, for example, have it configured like this on my router:

Next, you must create a rule to publish the Service to the Internet from the IPFire Firewall:

The best explained rule:

In “Source” you can put “Standard networks: ANY” or if you want only from one country, the one you want (as I have it) or you can also create a group of countries.

Obviously you will have to activate it (I don’t use it and that’s why I have it deactivated). The Log is optional.

Try it and tell us something.

Best regards.

Hola Roberto!

Thanks for your reply. It forced me to take a closer look at my firewall rules, and I realized that I had set the Source to Red instead of Any. After fixing that, I can now access my IMAP server using my external IP address from both inside and outside of my network. Problem solved!

Thanks,
-Paul

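The fix described in the last post (Source changed from Red to Any) can be checked mechanically. The following is an added example, not part of the original thread and not IPFire's own code: a small model of port-forward rule matching that flags rules whose NAT target sits in an internal zone the rule's Source excludes. The zone names, field names, and the /24 prefix on Green are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model: zone names, field names and the /24 prefix are assumptions.
INTERNAL_ZONES = {"GREEN": ipaddress.ip_network("172.16.0.0/24")}

@dataclass(frozen=True)
class DnatRule:
    source: str      # "ANY", or the zone a packet must arrive from
    dst_ip: str      # address the client connects to
    dst_port: int
    to_ip: str       # host the connection is NATed to
    to_port: int

def translate(rules, ingress_zone, dst_ip, dst_port):
    """Return the (ip, port) after DNAT for the first matching rule, else None."""
    for r in rules:
        if r.source in ("ANY", ingress_zone) and (r.dst_ip, r.dst_port) == (dst_ip, dst_port):
            return (r.to_ip, r.to_port)
    return None

def hairpin_gaps(rules, zones=INTERNAL_ZONES):
    """List (rule, zone) pairs where the NAT target lives in an internal zone
    but the rule's Source excludes clients in that same zone."""
    gaps = []
    for r in rules:
        target = ipaddress.ip_address(r.to_ip)
        for name, net in zones.items():
            if target in net and r.source not in ("ANY", name):
                gaps.append((r, name))
    return gaps

# The thread's rule as first configured (Source = Red) and after the fix (Source = Any).
BEFORE = [DnatRule("RED", "10.0.0.1", 993, "172.16.0.2", 993)]
AFTER = [DnatRule("ANY", "10.0.0.1", 993, "172.16.0.2", 993)]

if __name__ == "__main__":
    for label, rules in (("Source=Red", BEFORE), ("Source=Any", AFTER)):
        for zone in ("RED", "GREEN"):
            print(label, "client on", zone, "->", translate(rules, zone, "10.0.0.1", 993))
        print(label, "hairpin gaps:", [(g[0].source, g[1]) for g in hairpin_gaps(rules)])
```

The model covers rule matching only; it does not model how return traffic is handled for Green-to-Green connections.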