Forums

Resolved
0 votes
Hey guys I am having som trouble with my setup clearos 7.0 Community the only port the works with the forwarding is port 80 , my network setup is : isp router with own dhcp and portforward that can't be disable that is the resone for clearos so we can control the network better we had a cisco router that was the gateway before it die :S when i add a portforward rule on the clearos server and the isp router it won't work , when i look at the iptables the rules looks right and port 80 is the only one that works

any idea's what to do this is my first attempt a software router , attach a pic of the iptables.
Attachments:
Friday, July 14 2017, 08:51 AM
Share this post:
Responses (2)
  • Accepted Answer

    Friday, July 14 2017, 02:50 PM - #Permalink
    Resolved
    0 votes
    Here is a guide that tells the differences in port fowarding, virtual addresses, and 1:1 NAT. Many other firewalls require you to set up multiple technologies to get one outcome (like port forwarding.) ClearOS takes care of all that in one go. It makes it simple and intuitive for first-time users of firewalls but can be confusing to seasoned firewall admins who have been forced for decades to do each individual step manually. In addition PPTP requires the forwarding of GRE packets and the port forwarding service rule is aware of this nuance so use it instead of simply telling it to forward 1723.

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_virtual_interfaces_dmz_port_forwarding_and_1-1_nat#port_forwarding
    The reply is currently minimized Show
  • Accepted Answer

    Friday, July 14 2017, 02:40 PM - #Permalink
    Resolved
    2 votes
    It looks like you are trying to forward 80, 1723 (PPTP) and 587 (STARTSSL). You need to remember that port forwarding is for traffic through ClearOS to the network behind it, and opening ports is from the internet to ClearOS and not to the network behind it. In your case you've also opened incoming 1723 and 587. This will stop your port forwards from working. It is a case of one or the other but not both.

    BTW, it is easier to post output to the forum by selecting it in your ssh window, copying it and pasting it into the forum between code tags. If you use PuTTy for SSH in Windows, selecting the text automatically copies it to the clipboard (and right clicking pastes from the clipboard into PuTTy).

    Please be careful opening 22 to the public. You'll need a very strong password, and it is best avoided.
    The reply is currently minimized Show
Your Reply