Issue
NAT blocking outgoing IP
I have used the 1 to 1 NAT for a long time. I am using the latest version of ClearOS.
When I enable public IP to point port 22 TCP to private IP 10.0.0.99, that blocks 10.0.0.99 from getting out on the internet. I cannot even ping google.com, but I can ping LAN IP.
When I disable it, then I can get on the internet. Ping google works.
I got to get this port 22 working again. fast.... I don't mind editing configs, if I have detailed instructions, but I mainly rely on the GUI.
10.0.0.99 is a Windows 10 Pro. It's OK though.
Thanks,
Responses (6)
-
Accepted Answer
I have planned to do a re-install in the morning. I got to have this running good before the students get on campus.
Here are the outputs.
[root@firewall ~]# iptables -nvL
Chain INPUT (policy DROP 40022 packets, 7500K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd-ddos src reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd src reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,220,993,110,995 match-set f2b-postfix-sasl src reject-with icmp-port-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
3933 299K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
0 0 DROP all -- * * 62.112.0.0/16 0.0.0.0/0
117 12793 DROP all -- * * 62.0.0.0/8 0.0.0.0/0
106 11794 DROP all -- * * 80.0.0.0/8 0.0.0.0/0
564 30485 DROP all -- * * 81.0.0.0/8 0.0.0.0/0
11 868 DROP all -- * * 116.0.0.0/8 0.0.0.0/0
1 120 DROP all -- * * 163.172.0.0/16 0.0.0.0/0
32 2500 DROP all -- * * 218.0.0.0/8 0.0.0.0/0
7199 397K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
2775 578K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- ens6f0 * 127.0.0.0/8 0.0.0.0/0
370K 62M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
1472K 193M ACCEPT all -- ens6f1 * 0.0.0.0/0 0.0.0.0/0
192K 13M ACCEPT all -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0
912K 53M ACCEPT all -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0
251K 14M ACCEPT all -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0
267 64934 ACCEPT all -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0
1487K 97M ACCEPT all -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0
1059K 61M ACCEPT all -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0
182 43134 ACCEPT all -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0
5031 427K ACCEPT all -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eno2.50 * 0.0.0.0/0 10.0.50.1 udp spt:68 dpt:67
0 0 ACCEPT tcp -- eno2.50 * 0.0.0.0/0 10.0.50.1 tcp spt:68 dpt:67
6 390 ACCEPT udp -- eno2.50 * 10.0.50.0/24 10.0.50.1 udp dpt:53
0 0 ACCEPT tcp -- eno2.50 * 10.0.50.0/24 10.0.50.1 tcp dpt:53
1074 31146 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
1441 85356 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT udp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.0.50.1 udp dpt:1194
7 901 ACCEPT udp -- * * 0.0.0.0/0 50.115.255.191 udp dpt:1194
0 0 ACCEPT udp -- eno2.50 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
6 3914 ACCEPT tcp -- eno2.50 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
242K 37M ACCEPT udp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
3601K 24G ACCEPT tcp -- ens6f0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
13 1259 DROP all -- * * 62.112.0.0/16 0.0.0.0/0
1228 74876 DROP all -- * * 62.0.0.0/8 0.0.0.0/0
247 22254 DROP all -- * * 80.0.0.0/8 0.0.0.0/0
202 14388 DROP all -- * * 81.0.0.0/8 0.0.0.0/0
1398 84884 DROP all -- * * 116.0.0.0/8 0.0.0.0/0
7 553 DROP all -- * * 163.172.0.0/16 0.0.0.0/0
16 5125 DROP all -- * * 218.0.0.0/8 0.0.0.0/0
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 0
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 3
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 8
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4 icmptype 11
0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.30.4
0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.30.4 tcp dpt:5060
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 0
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 3
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 8
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5 icmptype 11
0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.30.5
0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.30.5 tcp dpt:5555
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 0
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 3
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 8
0 0 ACCEPT icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2 icmptype 11
0 0 DROP icmp -- ens6f0 * 0.0.0.0/0 10.0.50.2
0 0 ACCEPT tcp -- ens6f0 * 0.0.0.0/0 10.0.50.2 tcp dpt:80
3 132 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 0
6 610 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 3
0 0 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 8
759 33396 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 8
0 0 ACCEPT icmp -- * * 10.0.50.0/24 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 10.0.50.0/24 icmptype 11
0 0 DROP icmp -- * * 10.0.50.0/24 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 10.0.50.0/24
59 2360 ACCEPT all -- * * 10.0.50.0/24 10.0.0.0/22 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.0.0.0/22
1577 97758 ACCEPT all -- * * 10.0.0.0/22 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.20.0/23 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.0.20.0/23
0 0 ACCEPT all -- * * 10.0.20.0/23 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.21.0.0/23 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.21.0.0/23
0 0 ACCEPT all -- * * 10.21.0.0/23 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.22.0.0/23 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.22.0.0/23
0 0 ACCEPT all -- * * 10.22.0.0/23 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.23.0.0/24 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.23.0.0/24
0 0 ACCEPT all -- * * 10.23.0.0/24 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.24.0.0/23 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.24.0.0/23
0 0 ACCEPT all -- * * 10.24.0.0/23 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.60.0.0/22 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.60.0.0/22
0 0 ACCEPT all -- * * 10.60.0.0/22 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.10.0/24 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.0.10.0/24
0 0 ACCEPT all -- * * 10.0.10.0/24 10.0.50.0/24
0 0 ACCEPT all -- * * 10.0.50.0/24 10.0.30.0/24 state RELATED,ESTABLISHED
0 0 DROP all -- * * 10.0.50.0/24 10.0.30.0/24
0 0 ACCEPT all -- * * 10.0.30.0/24 10.0.50.0/24
114M 178G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
63 3780 ACCEPT all -- eno2.50 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
218K 90M ACCEPT all -- ens6f1 * 0.0.0.0/0 0.0.0.0/0
15135 1317K ACCEPT all -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0
43233 4087K ACCEPT all -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0
28044 2404K ACCEPT all -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0
23 1340 ACCEPT all -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0
107K 11M ACCEPT all -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0
63218 5461K ACCEPT all -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0
52568 33M ACCEPT all -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
0 0 DROP all -- * * 0.0.0.0/0 62.112.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 62.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 80.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 81.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 116.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 163.172.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 218.0.0.0/8
368K 62M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
1013K 3468M ACCEPT all -- * ens6f1 0.0.0.0/0 0.0.0.0/0
180K 516M ACCEPT all -- * ens6f2.20 0.0.0.0/0 0.0.0.0/0
1239K 3421M ACCEPT all -- * ens6f2.21 0.0.0.0/0 0.0.0.0/0
218K 618M ACCEPT all -- * ens6f2.22 0.0.0.0/0 0.0.0.0/0
303 67989 ACCEPT all -- * ens6f2.23 0.0.0.0/0 0.0.0.0/0
3283K 14G ACCEPT all -- * ens6f2.24 0.0.0.0/0 0.0.0.0/0
1015K 2730M ACCEPT all -- * ens6f2.60 0.0.0.0/0 0.0.0.0/0
182 43134 ACCEPT all -- * ens6f3.10 0.0.0.0/0 0.0.0.0/0
5069 1578K ACCEPT all -- * ens6f3.30 0.0.0.0/0 0.0.0.0/0
36335 4613K ACCEPT icmp -- * ens6f0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * ens6f0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * ens6f0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT udp -- * eno2.50 10.0.50.1 0.0.0.0/0 udp spt:1194
5 387 ACCEPT udp -- * ens6f0 50.115.255.191 0.0.0.0/0 udp spt:1194
12 1440 ACCEPT all -- * eno2.50 0.0.0.0/0 0.0.0.0/0
1952K 145M ACCEPT all -- * ens6f0 0.0.0.0/0 0.0.0.0/0
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 4570K packets, 1294M bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.193 tcp dpt:5060 to:10.0.30.4
0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.195 tcp dpt:5555 to:10.0.30.5
0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.192 tcp dpt:80 to:10.0.50.2
10 520 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.20.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.21.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.22.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.23.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.24.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.60.0.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.10.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.30.1 tcp dpt:80
21 908 ACCEPT tcp -- * * 0.0.0.0/0 50.115.255.191 tcp dpt:80
7761 416K REDIRECT tcp -- ens6f1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
579 37036 REDIRECT tcp -- ens6f2.20 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
2790 171K REDIRECT tcp -- ens6f2.21 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
318 18100 REDIRECT tcp -- ens6f2.22 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
6 360 REDIRECT tcp -- ens6f2.23 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
1507 89616 REDIRECT tcp -- ens6f2.24 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
1425 89230 REDIRECT tcp -- ens6f2.60 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- ens6f3.10 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
2 120 REDIRECT tcp -- ens6f3.30 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain INPUT (policy ACCEPT 457K packets, 67M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 443K packets, 37M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 207K packets, 20M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
1256 87918 SNAT all -- * * 10.0.30.4 0.0.0.0/0 to:50.115.255.193
0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.30.4 tcp dpt:5060 to:10.0.0.1
0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.30.4 tcp dpt:5060 to:10.0.20.1
0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.30.4 tcp dpt:5060 to:10.21.0.1
0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.30.4 tcp dpt:5060 to:10.22.0.1
0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.30.4 tcp dpt:5060 to:10.23.0.1
0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.30.4 tcp dpt:5060 to:10.24.0.1
0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.30.4 tcp dpt:5060 to:10.60.0.1
0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.30.4 tcp dpt:5060 to:10.0.10.1
0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.30.4 tcp dpt:5060 to:10.0.30.1
0 0 SNAT all -- * * 10.0.30.5 0.0.0.0/0 to:50.115.255.195
0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.30.5 tcp dpt:5555 to:10.0.0.1
0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.30.5 tcp dpt:5555 to:10.0.20.1
0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.30.5 tcp dpt:5555 to:10.21.0.1
0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.30.5 tcp dpt:5555 to:10.22.0.1
0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.30.5 tcp dpt:5555 to:10.23.0.1
0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.30.5 tcp dpt:5555 to:10.24.0.1
0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.30.5 tcp dpt:5555 to:10.60.0.1
0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.30.5 tcp dpt:5555 to:10.0.10.1
0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.30.5 tcp dpt:5555 to:10.0.30.1
9 540 SNAT all -- * * 10.0.50.2 0.0.0.0/0 to:50.115.255.192
0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.50.2 tcp dpt:80 to:10.0.0.1
0 0 SNAT tcp -- * * 10.0.20.0/23 10.0.50.2 tcp dpt:80 to:10.0.20.1
0 0 SNAT tcp -- * * 10.21.0.0/23 10.0.50.2 tcp dpt:80 to:10.21.0.1
0 0 SNAT tcp -- * * 10.22.0.0/23 10.0.50.2 tcp dpt:80 to:10.22.0.1
0 0 SNAT tcp -- * * 10.23.0.0/24 10.0.50.2 tcp dpt:80 to:10.23.0.1
0 0 SNAT tcp -- * * 10.24.0.0/23 10.0.50.2 tcp dpt:80 to:10.24.0.1
0 0 SNAT tcp -- * * 10.60.0.0/22 10.0.50.2 tcp dpt:80 to:10.60.0.1
0 0 SNAT tcp -- * * 10.0.10.0/24 10.0.50.2 tcp dpt:80 to:10.0.10.1
0 0 SNAT tcp -- * * 10.0.30.0/24 10.0.50.2 tcp dpt:80 to:10.0.30.1
2 120 ACCEPT all -- * * 10.0.50.0/24 0.0.0.0/0
479K 59M MASQUERADE all -- * ens6f0 0.0.0.0/0 0.0.0.0/0
[root@firewall ~]#
[root@firewall ~]#
[root@firewall ~]# cat /etc/clearos/network.conf
# Network mode
MODE="gateway"
# Network interface roles
EXTIF="ens6f0"
LANIF="ens6f1 ens6f2.20 ens6f2.21 ens6f2.22 ens6f2.23 ens6f2.24 ens6f2.60 ens6f3.10 ens6f3.30"
DMZIF="eno2.50"
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="crc.lan"
INTERNET_HOSTNAME="firewall.crc.lan"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
ENS6F0_MAX_DOWNSTREAM=184970
ENS6F0_MAX_UPSTREAM=61630
[root@firewall ~]#
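Added example, not part of the original thread: a small Python parser for the `iptables -nvL -t nat` listing posted above that pairs each host's DNAT port forward with its whole-host SNAT, which is the 1-to-1 pattern visible for 10.0.30.4, 10.0.30.5 and 10.0.50.2. The function names and status labels are this example's own, and the sample lines are copied from that listing; 10.0.0.99 comes back as `absent` because no rule for it appears there.

```python
from collections import defaultdict

# Sample input: lines copied from the nat-table listing in the post above.
SAMPLE = """\
0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.193 tcp dpt:5060 to:10.0.30.4
0 0 DNAT tcp -- * * 0.0.0.0/0 50.115.255.192 tcp dpt:80 to:10.0.50.2
1256 87918 SNAT all -- * * 10.0.30.4 0.0.0.0/0 to:50.115.255.193
0 0 SNAT tcp -- * * 10.0.0.0/22 10.0.30.4 tcp dpt:5060 to:10.0.0.1
9 540 SNAT all -- * * 10.0.50.2 0.0.0.0/0 to:50.115.255.192
479K 59M MASQUERADE all -- * ens6f0 0.0.0.0/0 0.0.0.0/0
"""

def parse_nat(listing):
    """Map private IP -> {"dnat": [(public_ip, proto, port)], "snat": public_ip}."""
    hosts = defaultdict(lambda: {"dnat": [], "snat": None})
    for line in listing.splitlines():
        f = line.split()  # pkts bytes target prot opt in out source destination ...
        if len(f) < 10 or f[2] not in ("DNAT", "SNAT"):
            continue
        proto, src, dst, extra = f[3], f[7], f[8], f[9:]
        to = next((x[3:] for x in extra if x.startswith("to:")), None)
        port = next((x[4:] for x in extra if x.startswith("dpt:")), None)
        if to is None:
            continue
        if f[2] == "DNAT":
            hosts[to]["dnat"].append((dst, proto, port))
        elif "/" not in src and dst == "0.0.0.0/0":
            # Whole-host SNAT: outbound traffic leaves as the mapped public IP.
            # Subnet-sourced SNAT lines (LAN-to-LAN access to the forward) are skipped.
            hosts[src]["snat"] = to
    return dict(hosts)

def audit(listing, host):
    """Classify how `host` appears in the nat table (labels are this example's own)."""
    entry = parse_nat(listing).get(host)
    if entry is None:
        return "absent"      # no DNAT or whole-host SNAT loaded for this host
    publics = {pub for pub, _, _ in entry["dnat"]}
    if not entry["snat"]:
        return "dnat-only"   # inbound forward present, no whole-host SNAT
    if not publics:
        return "snat-only"
    # A forward and an SNAT that name different public IPs are worth a closer look.
    return "paired" if publics == {entry["snat"]} else "mismatch"

if __name__ == "__main__":
    for h in ("10.0.30.4", "10.0.50.2", "10.0.0.99"):
        print(h, audit(SAMPLE, h))
```

Running the same check on a listing captured while the port 22 forward is enabled would show which rules the GUI actually loads for 10.0.0.99.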
-
Accepted Answer
Port 20 rule is disabled so I can get on the internet with that server. (So disabled rules in the GUI don't show up?) It's strange because the other NATs work fine.
I won't get back to this problem until Saturday AM tomorrow.
This install of ClearOS has been around several years. I had several things installed like Active Directory, dnsthingy (they ssh into my system and did a lot of modifications).
Maybe a fresh install will be best.
Thank you for your assistance.