Posted: Sat Jan 31, 2015 7:16 pm
Post subject: VirtualServer-can't access published srv from internal LAN
I'm new to ZS, and just deployed it as a firewall/router for my office. The diagram looks like the one below:
(WAN-External IP) - Internet Router - (LAN:192.168.2.1, DMZ enabled to 192.168.2.3) <---> (ETH01: 192.168.2.3) - ZS - (ETH00: 192.168.151.1) <---> (Internal network: 192.168.151.x) - Published Servers / Clients
My situation is as below:
- Clients / Servers access Internet: OK
- Access to the published servers (ssh, web, ...): OK. E.g: https://$WAN-ExternalIP:$publishedport/ --> OK
- The issue is that the clients inside the internal network cannot access the published services using the WAN external IP, with the above example: https://$WAN-ExternalIP:$publishedport/ --> not reachable.
The published services are primarily on port numbers different from the real port numbers running locally on the servers, e.g.: port 28080 is forwarded to port 80 on the local server.
The following is one of the log entries thrown when I tried the above access:
[NEW] tcp 6 120 SYN_SENT src=192.168.151.197 dst=<WAN IP address> sport=49477 dport=28080 [UNREPLIED] src=<WAN IP address> dst=192.168.2.3 sport=28080 dport=49477 mark=100
(Note: 192.168.151.197 is the client IP from inside the internal LAN; the WAN IP address was removed for security reasons; 28080 is the published port, and it's supposed to be forwarded to port 80 on the server 192.168.151.28, however the forwarding never seems to reach the actual server)
I would appreciate it if anyone can shed some light for troubleshooting.
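
A way to read the log entry in the post above, as an added example that is not part of the original post: a conntrack event line lists the original tuple followed by the expected reply tuple, and comparing the two shows which address translation was applied. For the posted line the reply is still expected from the WAN address on port 28080 (no destination rewrite to the server) while the source was rewritten to 192.168.2.3. The function names are chosen for this example.

```python
import re

# Log line copied from the post; the WAN address is redacted there as a placeholder.
SAMPLE = ("[NEW] tcp 6 120 SYN_SENT src=192.168.151.197 dst=<WAN IP address> "
          "sport=49477 dport=28080 [UNREPLIED] src=<WAN IP address> "
          "dst=192.168.2.3 sport=28080 dport=49477 mark=100")

# key=value pairs; a value is either a <redacted placeholder> or a run of non-spaces
PAIR = re.compile(r"(\w+)=(<[^>]*>|\S+)")
TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_tuples(line):
    """Return (original, reply) address tuples from one conntrack event line."""
    tuples, current = [], {}
    for key, value in PAIR.findall(line):
        if key not in TUPLE_KEYS:
            continue  # skip fields such as mark=100
        if key in current:  # a repeated key starts the next tuple
            tuples.append(current)
            current = {}
        current[key] = value
    if current:
        tuples.append(current)
    if len(tuples) != 2 or any(len(t) != 4 for t in tuples):
        raise ValueError("expected two complete src/dst/sport/dport tuples")
    return tuples[0], tuples[1]


def nat_applied(line):
    """Compare the reply tuple with the mirror image of the original tuple."""
    orig, reply = parse_tuples(line)
    return {
        # DNAT rewrites the destination, so replies come from a different src/sport
        "dnat": (reply["src"], reply["sport"]) != (orig["dst"], orig["dport"]),
        # SNAT rewrites the source, so replies go to a different dst/dport
        "snat": (reply["dst"], reply["dport"]) != (orig["src"], orig["sport"]),
        "reply_expected_from": f'{reply["src"]}:{reply["sport"]}',
        "reply_expected_to": f'{reply["dst"]}:{reply["dport"]}',
    }


if __name__ == "__main__":
    for name, value in nat_applied(SAMPLE).items():
        print(f"{name}: {value}")
```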