Sonicwall newbie question...

I have a Sonicwall 2040 appliance... it's configured with a WAN, LAN and
DMZ (all done prior to my arrival with the company).  The WAN is our
public IP addresses, such as E-Mail and Web Servers, LAN is all
internal addresses, and I'm not quite sure what the DMZ is.

What I'm wanting to do is enable traffic from my WAN (specifically 1 IP
address) to my LAN (again, specifically 1 IP address) for remote access
purposes.  I have a service setup on my firewall for Terminal Services
(port 3389), and a rule setup to all traffic from WAN to LAN for that
service.  When I access my local server from the LAN, RDP works fine.
When I try from my public server, it says the service is not running or
it cannot find it.

Any ideas as to what I am doing wrong?  Or what configuration option I
am missing?

Any thoughts are greatly appreciated and welcome.

Thanks,


Re: Sonicwall newbie question...
What you have to do is the following steps in SonicWall:
1). Create a service for RDP=3389
2). Create a local user, i.e. internal IP address of server
3). Create a local user for public IP address of machine that wants to
access local machine.
4). Create a rule which allows public IP access to local IP on RDP=3389
5). Apply rule to external interface for filtering traffic.
6). Try doing RDP from public machine




CK



Re: Sonicwall newbie question...
not necessary - it's called "terminal service" and predefined

I would call it object (network - address objects - custom objects)
you need three:
2a) the internal host
2b) the external IP address of this host to be reached,
2c) also the admin host in the internet, that is supposed to access your internal host

I would call it NAT (network - NAT policies), where you define which service is
NATed to where (external object to internal host)

create a rule WAN -> LAN which allows terminal service access - from your admin
host (2c) to EXTERNAL address defined in 2b

this applies to enhanced OS, if you have standard OS, you have less options,
(no fancy objects, no PAT...)
but basically same concept.

M

Re: Sonicwall newbie question...


If not then you have to create this service.

One way or the other you have to define the IP address or groups

Same as above

Both are the same i.e. NAT

OS has not been discussed yet...

Re: Sonicwall newbie question...
Yes, mine is predefined...


I don't have these options... under Network I have the following:

Settings
One-to-One NAT
Web Proxy
Intranet
Routing
ARP
DHCP Server

I don't see anywhere in these options where I can add a custom object.
Suggestions?

Again, I don't have NAT policies.

Re: Sonicwall newbie question...
all right,
looks like you have standard OS:

if your WAN interface is NAT enabled:
go to network - one-to-one NAT - add: private and public address and range length 1
(you need a separate public IP from your provider's pool)

go to firewall-access-rule-add:

action: allow
service:term serv
source: WAN ip_of_adminhost_in_the_internet (range begin and end is identical)
dest:LAN ip_of_internalhost_

that's it,
if it doesn't work, check your logs

M

Re: Sonicwall newbie question...
Well, I followed per your instructions... but it seems that every time
I try to access my Internal address from my Public address, I get the
following responses in the logs:

12/18/2006 14:12:59.544    Web management request allowed    69.15.x.x, 37713, LAN    10.0.x.x, 80, LAN    Web (HTTP)
12/18/2006 14:12:53.320    UDP packet from LAN dropped    10.0.x.x, 16924, LAN    10.0.x.x, 1900, LAN    Port: 1900

*scratches head*  What am I doing wrong?
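
A check for the "check your logs" step, as an added example that is not part of the original thread: it parses log lines in the column layout posted above and reports whether an attempt from the admin host to port 3389 was logged at all, dropped, or allowed. The two posted lines show only ports 80 and 1900; the sample log, its addresses, the third message's wording and the function names are constructed for illustration.

```python
import re

# Constructed sample in the column layout of the two log lines posted above:
# time, message, "ip, port, iface" for source and destination, notes.
# Addresses are documentation ranges; the wording of the third message is assumed.
SAMPLE_LOG = (
    "12/18/2006 14:12:59.544    Web management request allowed    "
    "203.0.113.10, 37713, LAN    10.0.0.1, 80, LAN    Web (HTTP)\n"
    "12/18/2006 14:12:53.320    UDP packet from LAN dropped    "
    "10.0.0.23, 16924, LAN    10.0.0.255, 1900, LAN    Port: 1900\n"
    "12/18/2006 14:13:07.112    TCP connection dropped    "
    "203.0.113.10, 40211, WAN    198.51.100.20, 3389, WAN    Port: 3389\n"
)

FIELD_SEP = re.compile(r"\t+| {2,}")  # columns arrive tab- or multi-space-separated


def parse_endpoint(text):
    """Split 'ip, port, iface' into a dict; raises ValueError if malformed."""
    ip, port, iface = (part.strip() for part in text.split(","))
    return {"ip": ip, "port": int(port), "iface": iface}


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = FIELD_SEP.split(line.strip())
        if len(fields) < 4:
            continue
        try:
            src, dst = parse_endpoint(fields[2]), parse_endpoint(fields[3])
        except ValueError:
            continue
        entries.append({"time": fields[0], "message": fields[1], "src": src, "dst": dst})
    return entries


def rdp_verdict(entries, admin_ip, port=3389):
    """Summarise what the log shows for admin_ip connecting to the RDP port."""
    hits = [e for e in entries if e["src"]["ip"] == admin_ip and e["dst"]["port"] == port]
    if not hits:
        return "not-seen"  # no attempt logged: check which address the client dialed
    if any("dropped" in e["message"].lower() for e in hits):
        return "dropped"   # attempt reached the firewall and was refused
    return "allowed"       # firewall passed it; look at the host itself next


if __name__ == "__main__":
    print(rdp_verdict(parse_log(SAMPLE_LOG), "203.0.113.10"))
```
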



Re: Sonicwall newbie question...
When you say...

ip_of_adminhost_in_the_internet,  this is my public IP of the server I
want to access from?  Or my public IP that I added in the one-to-one
NAT?

and...

ip_of_internalhost_, this is the normal LAN address of the server I
want to access, correct?

Just making sure...

Thanks again for all the information... I greatly appreciate it!

Ray





Re: Sonicwall newbie question...

correct

correct


Re: Sonicwall newbie question...
Could this have something to do with my internal address not showing up
in my firewall ARP table?  And why wouldn't it?  I can access from
anywhere on the LAN.



Re: Sonicwall newbie question...

can you ping the host from the sonicwall (settings-diagnostics)
M

Re: Sonicwall newbie question...

I got it all working last night.  I really appreciate all the great
feedback and help from you.  This was all a bit new to me.  I knew the
terminology, but putting it all to use was a new experience.

Thanks, again!



Re: Sonicwall newbie question...
Actually, I have one more question, if I might be allowed to pick your
brain once more.  I added the nat'd address to the new public IP, and
created the rule to allow from the LAN to the NAT'd address.  This
worked, and I was able to remote to the machine.  Now, however, when I
try to access the server internally via a network share, myself and
anyone else that is trying to do so are not able to.

Any ideas why this might be?  I didn't think the new NAT and Access
Rule would affect local LAN traffic, but it appears to do just that.

Any input is, as always, greatly appreciated.





Re: Sonicwall newbie question...
i am assuming this is a typo and should be WAN

network share in your LAN has nothing to do with rdp access from outside and

no:
the nat and access rule from wan to lan only affect your access through the
firewall (obviously)

so, if you are not using the DMZ interface and client and server are in the
same segment, and you are using the
correct internal addresses, your problem is not the sonicwall.

  M

Re: Sonicwall newbie question...
OK, I have a question, related to when I added the One-to-One NAT rule...


When doing so, this appears at the top of the window:

NOTE: Computers connected in the One-To-One NAT IP range specified will
be disconnected.

I'm wondering if this was my problem, because I had to add my internal
IP address.  So if users were connected to the network share at the
time, they would have been disconnected.  I also wonder if just
rebooting the server in question would restore the connectivity.



