
Allowing IP addresses

Hello everyone,

a payment (EC) terminal from our bank was installed at our company today. For it to communicate, I have to allow certain external IP addresses with ports.
I did that under "Rules and policies". But I am doing something wrong somewhere. Screenshot attached:

Under "Zahlungsterminal_IP" the IP addresses of the external source are listed. Under Services, then, the ports.

I have also already added an exception under "Web". Unfortunately also without success.

Thank you in advance for your answers.

Best regards

Lubos



  • Do we talk about external access or internal access?

    Your rule will allow the WAN host to access an internal resource via NAT.


  • I need both directions; the terminal should send to and receive from the IP address list.

  • On which side, LAN or WAN, does the connection start? Usually one is the sender and the firewall will let through the traffic/answers from the other side.

    If LAN is a private IP network I'd assume that you are communicating LAN -> WAN. In this case you also need to create a (Source NAT) SNAT rule.

    (If the connection is WAN -> LAN then you need to set up #Zahlungsterminal multiplied by #Zahlungsterminal_Ports (Destination NAT) DNAT rules.)


    If you are using public internet addresses on both sides you do not need NAT and the above setting should work.

  • Hi Lubos,

    In case you are running SFOS v18, you need to apply a DNAT rule under 'NAT rules'!

    Here you should set 'Original source' to your IP-List of known external IPs, 'Original Destination' to your WAN Port and 'Original service' to Zahlungsterminal. Furthermore set 'Inbound interface' to WAN Port (#Port2) and 'Translated destination (DNAT)' to Zahlungsterminal as well. Leave the rest as default.

    Good luck!

  • Good Morning Njabi,

    I set up everything as you said, but it still doesn't work.

    "Original source" is the IP-List of known external IPs
    #Port6 is our WAN Port
    Original service are the ports of the services
    SNAT default. DNAT is the IP of the machine, PAT default
    Inbound interface is our WAN Port #Port6
    outbound interface default

    What am I doing wrong? Did I miss something to set up?

    Thank you guys for your help!

  • I am assuming you do not need a DNAT firewall rule.

    XG is a stateful firewall. That means the connection will build up from a client to a server. You are doing this in a firewall rule (LAN-WAN). XG will take care that the packets going out and coming back are allowed.

    You do not need a firewall rule, allowing the server to reply. 


  • Guys, I got it! Thank you all! Here is the screenshot of it!

  • Hi Lubos,

    I missed that mistake in your original post. I know it is a bit confusing that you have to set Destination Network to 'Zahlungsterminal_IP_extern', but this is how it works - good to hear that!
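
The stateful behaviour described in the thread, as an added example that is not part of any post and is not Sophos code: a minimal Python model of a single LAN -> WAN allow rule whose destination is the external IP list, plus a connection table that admits replies without any inbound rule. The class and field names, the addresses (documentation ranges) and port 443 are constructed assumptions, and source NAT is left out to keep the model short.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    in_zone: str  # zone the packet arrives from: "LAN" or "WAN"

class StatefulFirewall:
    """One LAN -> WAN allow rule plus a connection table; anything else is dropped."""
    def __init__(self, terminal_ip, allowed_dst_nets, allowed_ports):
        self.terminal = terminal_ip
        self.nets = [ipaddress.ip_network(n) for n in allowed_dst_nets]
        self.ports = set(allowed_ports)
        self.conntrack = set()  # (src, sport, dst, dport) of the initiating packet

    def _rule_matches(self, p):
        # Source: the terminal in LAN. Destination: the external IP list and its ports.
        return (p.in_zone == "LAN" and p.src == self.terminal
                and p.dport in self.ports
                and any(ipaddress.ip_address(p.dst) in n for n in self.nets))

    def handle(self, p):
        # A WAN packet is a reply if its reversed tuple is a tracked connection.
        if p.in_zone == "WAN" and (p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "ACCEPT (established)"
        if self._rule_matches(p):
            self.conntrack.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT (new)"
        return "DROP"  # default deny, including unsolicited WAN -> LAN traffic

def demo():
    # Constructed sample values: terminal 192.168.1.50, processor list 203.0.113.0/28.
    fw = StatefulFirewall("192.168.1.50", ["203.0.113.0/28"], [443])
    return [
        # Unsolicited inbound packet before the terminal has connected
        fw.handle(Packet("203.0.113.10", 443, "192.168.1.50", 40000, "WAN")),
        # Terminal opens a connection to a listed address
        fw.handle(Packet("192.168.1.50", 40000, "203.0.113.10", 443, "LAN")),
        # Reply to that connection, with no WAN -> LAN rule defined
        fw.handle(Packet("203.0.113.10", 443, "192.168.1.50", 40000, "WAN")),
        # Terminal tries a destination that is not in the list
        fw.handle(Packet("192.168.1.50", 40001, "198.51.100.7", 443, "LAN")),
    ]

if __name__ == "__main__":
    print(demo())
```
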