Allow Access to Server from WAN

andremta @ 24th Sep 07:09AM:
Allow Access to Server from WAN

Hello to all, this is my very first post.

I have all my network configured as LAN. My users are in the LAN and so are my servers, as my configuration shows:





If I activate the firewall, people from the WAN will not access my server ("intranet") services such as WWW.

Should I make the following modification in order to have access from outside to inside, to my server?

Brano @ 24th Sep 09:08AM:
Re: Allow Access to Server from WAN

Yes, you need to add an appropriate WAN-to-LAN rule.
You can do ANY, or list all services, or create an object group for all services (this is the best way in my opinion).

Also you need to insert this rule before your current rule #1 since the rules are evaluated from top to bottom.
--
openSUSE 11.1, KDE 4.2

andremta @ 24th Sep 09:38AM:
Re: Allow Access to Server from WAN

Brano,

I'm not exactly sure what you mean by "list all services or create object group for all services".

Since my virtual servers are correctly setup, do I only need to modify the firewall rule:

WAN ---> LAN (from deny to ALLOW) ?

or maybe better,

WAN ---> MY_SERVER (ALLOW) as the #1 rule

(and of course, activate the firewall... currently it's disabled)
Brano @ 24th Sep 09:43AM:
Re: Allow Access to Server from WAN

Did you check the user guide?
»ftp://ftp.zyxel.com/ZyWALL_USG_300/use···2.12.pdf

Additional info with pictures in support note
»ftp://ftp.zyxel.com/ZyWALL_USG_300/sup···2.02.pdf

What I mean is that you don't want to specify any in Service type since you're only allowing SMTP, POP3, IMAP ....
You may want to list these separately or, to save you time and complexity, create a group object for all the services and then use that.
--
openSUSE 11.1, KDE 4.2

andremta @ 24th Sep 09:51AM:
Re: Allow Access to Server from WAN

I have the user guide.

Allowing this firewall rule should be enough?

WAN ---> MY_SERVER (HTTP ALLOW) for web service, for example?

One thing: does the ZyWALL have port mirroring like Ciscos?
Brano @ 24th Sep 09:55AM:
Re: Allow Access to Server from WAN

Yes, for HTTP you want

WAN-to-LAN
Source: ANY
Destination: MY_SERVER
Service: HTTP

And no, port mirroring is not available.

FYI, there is CLI guide too:
»ftp://ftp.zyxel.com/ZyWALL_USG_300/cli···00_4.pdf
--
openSUSE 11.1, KDE 4.2
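
Added example, not part of the thread and not ZyWALL configuration or ZyXEL code: a small Python model of the top-to-bottom, first-match evaluation described above, showing why the allow rule must sit before the deny rule and what a service group exposes compared with Service ANY. The IP addresses, the group name `SERVER_SERVICES`, the rule names and the deny-when-nothing-matches default are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample objects: the addresses and the group name are assumptions.
ADDRESSES = {"ANY": "0.0.0.0/0", "MY_SERVER": "192.168.1.10/32"}
SERVICES = {
    "HTTP": {("tcp", 80)},
    # Hypothetical group object: HTTP, SMTP, POP3, IMAP
    "SERVER_SERVICES": {("tcp", 80), ("tcp", 25), ("tcp", 110), ("tcp", 143)},
}

@dataclass(frozen=True)
class Rule:
    name: str
    source: str
    destination: str
    service: str  # key in SERVICES, or "ANY"
    action: str   # "allow" or "deny"

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(ADDRESSES[self.source])
                and ip_address(dst) in ip_network(ADDRESSES[self.destination])
                and (self.service == "ANY"
                     or (proto, port) in SERVICES[self.service]))

def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; no match falls through to deny (assumed default)."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "implicit-default"

DENY_ALL = Rule("wan-to-lan-deny", "ANY", "ANY", "ANY", "deny")
ALLOW_GROUP = Rule("allow-server-group", "ANY", "MY_SERVER", "SERVER_SERVICES", "allow")
ALLOW_ANY = Rule("allow-server-any", "ANY", "MY_SERVER", "ANY", "allow")

def exposed_ports(rules, dst, candidates):
    """TCP ports from `candidates` a WAN client (constructed IP) can reach on dst."""
    return [p for p in candidates
            if evaluate(rules, "203.0.113.7", dst, "tcp", p)[0] == "allow"]

if __name__ == "__main__":
    probe = [22, 25, 80, 110, 143, 3389]
    print("allow after deny :", exposed_ports([DENY_ALL, ALLOW_GROUP], "192.168.1.10", probe))
    print("group, allow first:", exposed_ports([ALLOW_GROUP, DENY_ALL], "192.168.1.10", probe))
    print("ANY, allow first  :", exposed_ports([ALLOW_ANY, DENY_ALL], "192.168.1.10", probe))
```
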

andremta @ 24th Sep 10:02AM:
Re: Allow Access to Server from WAN

Ahh... that sucks! Port mirror would be a great feature. I was planning to use a mirror port to analyse the LAN/WAN traffic with OSSIM.


Brano @ 24th Sep 10:11AM:
Re: Allow Access to Server from WAN

There are some packet tracing / capturing capabilities.
Check the CLI guide.

Alternatively, put a sniffer on the WAN side. (I'm personally using a small 5-port hub in the WAN port with Ethereal and it works great and costs $10.)
--
openSUSE 11.1, KDE 4.2

andremta @ 24th Sep 05:15PM:
Re: Allow Access to Server from WAN

A hub instead of a switch to capture all the packets? It's a nice way to get around it, but... it will only work for WAN, not LAN (my LAN is gigabit).

10 Mbit/s Hub?