port forwarding problem in lancom 1711

Forum for current devices of the LANCOM router/gateway series

Moderator: Lancom-Systems moderators

hmontoliu
Posts: 5
Registered: 20 Nov 2007, 15:27

Post by hmontoliu »

Hello, and sorry for posting in English.

We have a LANCOM 1711VPN which had a problem last week, and I was forced to reconfigure it from scratch.

Prior to the problem it had LCOS 7.x but the new configuration is built on LCOS 8.

This router is balancing through 3 WANs and everything is OK.

It is located in a remote office, and we used to use ssh tunnels to access everything we needed inside the remote LAN, including the LANCOM's own web interface. Those tunnels are established with two GNU/Linux servers within the remote LAN.

However, after the reconfiguration the 1-N-NAT has stopped working. The configuration of those ssh mappings is:

Code:

> ls /Setup/IP-Router/1-N-NAT/Service-Table

D-port-from  D-port-to    Protocol   Peer              WAN-Address      Intranet-Addres  Map-Port     Active   Comment                                                         
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------                                                           
9989         9989         TCP                          0.0.0.0          192.168.1.17      9989         Yes      Zeus                                                            
9990         9990         TCP                          0.0.0.0          192.168.1.33     9990         Yes      Argus                                                            

I've also tried permuting all the peer names and WAN addresses, without success. I can't access the inner ssh servers from any of the WAN IPs.

I've also checked whether it was a firewall issue, but we don't have a deny-all rule at all. However, I've set up an "allow-everything" rule as follows, with no success:

Code:

> ls /Setup/IP-Router/Firewall/Rules/ALLOW-EBM-SSH

Name                              Prot.       Source                                    Destination                               Action                                    Linked  Prio   Firewall-  VPN-Rule   Stateful  Rtg-tag  Comment                                                         
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ALLOW-EBM-SSH                     TCP         ANYHOST                                   EBM-SSH                                   %Lcds0 %A                                 No      0      Yes        No         Yes       0        Permite el uso de los puertos para las conexiones ssh de ebm    

where EBM-SSH stands for:

Code:

> ls /Setup/IP-Router/Firewall/Objects/EBM-SSH

Name                              Description                                                     
--------------------------------------------------------------------------------------------------
EBM-SSH                           %S9989-9990 ANYHOST                                             

These are all the rules in the firewall:

Code:

Name                              Prot.       Source                                    Destination                               Action                                    Linked  Prio   Firewall-  VPN-Rule   Stateful  Rtg-tag  Comment                                                         
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WINS                              TCP UDP     NETBIOS ANYHOST                           ANYHOST                                   INTERNET-FILTER                           No      0      Yes        No         Yes       0        block NetBIOS/WINS name resolution via DNS                      
ALLOW-EBM-SSH                     TCP         ANYHOST                                   EBM-SSH                                   %Lcds0 %A                                 No      0      Yes        No         Yes       0        Permite el uso de los puertos para las conexiones ssh de ebm    
RDP_POR_ONOCISCO                  ANY         LOCALNET                                  RDP ANYHOST                               ACCEPT                                    No      0      Yes        No         Yes       2        Conexiones remotas deben establecerse por cisco                 
QOS_PARA_RDP                      ANY         ANYHOST                                   RDP ANYHOST                               ACCEPT %Qcds100                           No      0      Yes        No         Yes       2        Garantizar ancho de banda para RDP                              
OBFUSC_HORDE                    TCP         LOCALNET                                  %S2095 ANYHOST                            ACCEPT                                    No      0      Yes        No         Yes       1        excepcion para usar correo web horde desde despacho obfusc-gal
HTTPS_POR_RUTA1                   ANY         LOCALNET                                  HTTPS ANYHOST                             ACCEPT                                    No      0      Yes        No         Yes       1        Desviando https por la ruta con RT1                             
OBFUSC_WEBMAIL                  TCP         LOCALNET                                  WEBMAILOBFUSC                           ACCEPT                                    No      0      Yes        No         Yes       1        excepcion para usar correo web horde desde despacho obfusc-gal

Finally, the routing table and the peers involved in the load balancing are:

Code:

> l /Setup/IP-Router/Load-Balancer/Bundle-Peers

Peer               Bundle-Peer-1      Bundle-Peer-2      Bundle-Peer-3      Bundle-Peer-4    
---------------------------------------------------------------------------------------------
BALANCEADOR        ONODHCP            ONOCISCO           TELEF1                              

> l /Setup/IP-Router/IP-Routing-Table          

IP-Address       IP-Netmask       Rtg-tag  Peer-or-IP        Distance  Masquerade  Active   Comment                                                         
------------------------------------------------------------------------------------------------------------------------------------------------------------
192.168.0.0      255.255.0.0      0        0.0.0.0           0         No          Yes      block private networks: 192.168.x.y                             
172.16.0.0       255.240.0.0      0        0.0.0.0           0         No          Yes      block private networks: 172.16-31.x.y                           
10.0.0.0         255.0.0.0        0        0.0.0.0           0         No          Yes      block private network: 10.x.y.z                                 
224.0.0.0        224.0.0.0        0        0.0.0.0           0         No          Yes      block multicasts: 224-255.x.y.z                                 
255.255.255.255  0.0.0.0          3        TELEF1            0         on          Yes                                                                      
255.255.255.255  0.0.0.0          2        ONOCISCO          0         on          Yes                                                                      
255.255.255.255  0.0.0.0          1        ONODHCP           0         on          Yes                                                                      
255.255.255.255  0.0.0.0          0        BALANCEADOR       0         on          Yes                                                                      

I'm sure that I'm missing something really obvious, but I can't see what the heck it is.

Any help will be appreciated. Thanks in advance.
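As an added example that is not part of the post and not LANCOM's own tooling: a small Python script that parses the fixed-width tables the LCOS `ls` command prints (header line, dash separator, left-aligned values) and cross-checks the 1-N-NAT service table against the firewall object and the load-balancer bundle peers shown above. The port numbers, addresses, peer names and the `%S<port>-<port>` object syntax are taken from the post; the row-rendering helper used to build the sample text, the names of the functions and the review heuristics (every forwarded port must be covered by the firewall object, an empty or unknown `Peer` is reported for manual review) are assumptions of this example, not a statement of what is wrong with the poster's router.

```python
"""Consistency check of LCOS 1-N-NAT port forwards against firewall objects.

Constructed example: the table text is rebuilt from the values in the forum
post in the layout LCOS uses for `ls` output. Nothing here talks to a device.
"""
import re

# Header line exactly as printed by `ls /Setup/IP-Router/1-N-NAT/Service-Table`.
NAT_HEADER = ("D-port-from  D-port-to    Protocol   Peer              "
              "WAN-Address      Intranet-Addres  Map-Port     Active   Comment")

# Description of the firewall object `/Setup/IP-Router/Firewall/Objects/EBM-SSH`.
FW_OBJECT_EBM_SSH = "%S9989-9990 ANYHOST"

# Peers from `/Setup/IP-Router/Load-Balancer/Bundle-Peers` plus the bundle itself.
BUNDLE_PEERS = {"BALANCEADOR", "ONODHCP", "ONOCISCO", "TELEF1"}


def _column_starts(header):
    """Offset at which each column name begins in an LCOS header line."""
    return [m.start() for m in re.finditer(r"\S+", header)]


def _render_row(header, values):
    """Constructed helper: lay values out under the header columns the way
    the device prints them (left-aligned, empty cells stay blank)."""
    line = ""
    for start, value in zip(_column_starts(header), values):
        line = line.ljust(start) + value
    return line.rstrip()


# Constructed sample reproducing the two mappings from the post; the Peer
# column is empty in both rows, as in the original output.
NAT_TABLE = "\n".join([
    NAT_HEADER,
    "-" * len(NAT_HEADER),
    _render_row(NAT_HEADER, ["9989", "9989", "TCP", "", "0.0.0.0",
                             "192.168.1.17", "9989", "Yes", "Zeus"]),
    _render_row(NAT_HEADER, ["9990", "9990", "TCP", "", "0.0.0.0",
                             "192.168.1.33", "9990", "Yes", "Argus"]),
])


def parse_lcos_table(text):
    """Parse an LCOS fixed-width table into a list of {column: value} dicts.

    Each cell is the slice of the row between the start of its own header
    word and the start of the next one, so empty cells come back as ''.
    """
    lines = [line for line in text.splitlines() if line.strip()]
    header, separator, rows = lines[0], lines[1], lines[2:]
    if set(separator) != {"-"}:
        raise ValueError("second line is not the dash separator")
    names = header.split()
    starts = _column_starts(header)
    bounds = list(zip(starts, starts[1:] + [None]))
    return [{name: row[a:b].strip() for name, (a, b) in zip(names, bounds)}
            for row in rows]


def ports_from_object(description):
    """Set of ports named by %S<port>[-<port>] tokens in a firewall object."""
    ports = set()
    for lo, hi in re.findall(r"%S(\d+)(?:-(\d+))?", description):
        lo = int(lo)
        hi = int(hi) if hi else lo
        ports.update(range(lo, hi + 1))
    return ports


def check_forwardings(nat_rows, allowed_ports, known_peers):
    """Return human-readable findings for each 1-N-NAT row (heuristics)."""
    findings = []
    for row in nat_rows:
        tag = (f"{row['Protocol']}/{row['D-port-from']}-{row['D-port-to']} -> "
               f"{row['Intranet-Addres']}:{row['Map-Port']} ({row['Comment']})")
        if row["Active"] != "Yes":
            findings.append(f"{tag}: entry is inactive")
            continue
        wanted = set(range(int(row["D-port-from"]), int(row["D-port-to"]) + 1))
        missing = sorted(wanted - allowed_ports)
        if missing:
            findings.append(f"{tag}: no firewall object covers port(s) {missing}")
        if not row["Peer"]:
            findings.append(f"{tag}: Peer column is empty; confirm which WAN "
                            f"peer(s) the mapping is meant to be bound to")
        elif row["Peer"] not in known_peers:
            findings.append(f"{tag}: Peer {row['Peer']!r} is not a "
                            f"load-balancer bundle peer")
    return findings


if __name__ == "__main__":
    rows = parse_lcos_table(NAT_TABLE)
    allowed = ports_from_object(FW_OBJECT_EBM_SSH)
    for finding in check_forwardings(rows, allowed, BUNDLE_PEERS):
        print(finding)
```

Run it against a pasted `ls` dump by replacing `NAT_TABLE` with the device output; the parser only needs the header and separator lines to be intact. Slicing by header offsets (rather than splitting on whitespace) is what keeps an empty `Peer` cell distinguishable from a missing column, which is the detail a reviewer wants to see explicitly when a port forward silently does nothing.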