How do I setup access from the Internet to a server on my LAN?
Top : IntelliSECURE Security Service : Access Rules
| Article ID: |
 |
000017 |
| Rating: |
|
5.0 / 5.0 (1 votes)
|
| Views: |
|
2164 |
|
|
If you want to allow public access to a system or server on your LAN, there are multiple ways of accomplishing this. Here are some Public LAN Server examples.
|
Assume that the General - Network screen looks like this:
SonicWALL LAN IP Address: 192.168.7.1
LAN Subnet Mask: 255.255.255.0
WAN Gateway Router IP address: 24.24.24.1
SonicWALL WAN IP Address: 24.24.24.24
WAN Subnet Mask: 255.255.255.0
You have a webserver on your LAN that you want the public to see from outside the firewall; the IP address of the server is 192.168.7.201. Type this number in the public LAN server field for the Web (HTTP) service and click on the update button. This change results in a new access rule that says
allow HTTP
source: * *
destination: LAN 192.168.7.201
The webserver can now be seen from the Internet using http://24.24.24.24. Limitations in the NAT on the firewall require LAN users to access this webserver using its local address, using the URL http://192.168.7.201.
The server must use a subnet mask 255.255.255.0 and must have its default gateway set to 192.168.7.1.
__________________________________________________________________________________________
Access/Rules: One-To-One NAT server example
This feature can be used with NAT-Enabled mode only; it won\'t work if using Standard, DHCP Client or PPPoE client modes. You must own multiple static IP addresses in the same range.
Assume that the General - Network screen looks like this:
SonicWALL LAN IP Address: 192.168.7.1
LAN Subnet Mask: 255.255.255.0
WAN Gateway Router IP address: 24.24.24.1
SonicWALL WAN IP Address: 24.24.24.2
WAN Subnet Mask: 255.255.255.224
The web servers on your LAN have IP addresses 192.168.7.11 and 192.168.7.12 ;
You want the public to see them from outside the firewall, using IP Addresses 24.24.24.11 and 24.24.24.12.
You must do two steps:
1. on Advanced - One-to-One NAT screen, enable it, and create an entry that says:
Private Range Begin: 192.168.7.11
Public Range Begin: 24.24.24.11
Range Length: 2
(if in doubt, create two separate entries)
2. Create an access rule that says
allow HTTP
source: WAN *
destination: LAN 192.168.7.11 - 192.168.7.12
The webserver can now be seen from the Internet using http://24.24.24.11 and http://24.24.24.12. Limitations in the NAT on the firewall require LAN users to access this webserver using its local address, (e.g., http://192.168.7.11 )
The servers must use a subnet mask 255.255.255.0 and must have default gateways set to 192.168.7.1.
__________________________________________________________________________________________
Access/Rules: Internet server configurations in standard mode
Configuring servers on the LAN in Standard mode
Use the ACCESS>Rules screen in the web interface to configure servers on the LAN
when in Standard mode.
By default, SonicWall prohibits incoming packets from the internet to your LAN. This
is because of the access rule which says \"Deny default from * to LAN\"; DO NOT
DELETE THIS RULE, EVEN IF YOU ARE DESPERATE TO GET THE SERVER
WORKING!
Let\'s assume the customer has a webserver on the LAN with IP address 208.5.5.5,
and an email server with IP address 208.5.5.6 . Create these rules to make the servers
visible from anywhere on the internet:
allow HTTP
source: * *
destination: LAN 208.5.5.5
allow SMTP
source: * *
destination: LAN 208.5.5.6
allow POP3
source: * *
destination: LAN 208.5.5.6
Please note that the source part of the rule can be limited to certain parts of the
internet, using a range of IP addresses on the LAN. This rule would be used to
configure the same webserver to be visible only from a single class C subnet on the
internet.
allow HTTP
source: WAN 216.77.88.1 - 216.77.88.254
destination: LAN 208.5.5.5
|
