First off, I have to say I'm not exactly an expert in all things networking/firewall, so I apologize because this is probably a simple solution that's staring me in the face but I'm refusing to see it.
The setup:
Zentyal - v2.2.7 - Installed on a PC and Configured as a Gateway
- eth1 (WAN - DHCP)
- eth2 (LAN - Static - 20.20.10.X - VOIP)
- eth3 (LAN - Static - 20.20.1.X - Workstations)
- eth4 (LAN - Static - 20.20.20.X - Zoneminder)
dpkg -l | grep "zentyal-"
ii zentyal-antivirus 2.2.1 Zentyal - Antivirus
ii zentyal-ca 2.2.2 Zentyal - Certification Authority
ii zentyal-common 2.2.3 Zentyal - Common Library
ii zentyal-core 2.2.7 Zentyal - Core
ii zentyal-dhcp 2.2.1 Zentyal - DHCP Service
ii zentyal-dns 2.2.1 Zentyal - DNS Service
ii zentyal-ebackup 2.2.4 Zentyal - Backup
ii zentyal-firewall 2.2 Zentyal - Firewall
ii zentyal-gateway 2.2 Zentyal - Gateway Suite
ii zentyal-ids 2.2.2 Zentyal - Intrusion Detection System
ii zentyal-l7-protocols 2.2 Zentyal - Layer-7 Filter
ii zentyal-monitor 2.2.3 Zentyal - Monitor
ii zentyal-network 2.2.6 Zentyal - Network Configuration
ii zentyal-objects 2.2 Zentyal - Network Objects
ii zentyal-openvpn 2.2.1 Zentyal - VPN Service
ii zentyal-remoteservices 2.2.5 Zentyal - Cloud Client
ii zentyal-security 2.2 Zentyal - UTM Suite
ii zentyal-services 2.2 Zentyal - Network Services
ii zentyal-software 2.2.4 Zentyal - Software Management
ii zentyal-squid 2.2.5 Zentyal - HTTP Proxy (Cache and Filter)
ii zentyal-trafficshaping 2.2 Zentyal - Traffic Shaping
ii zentyal-users 2.2.5 Zentyal - Users and Groups
The problem:
I'm trying to access the Administration portal on our VOIP server over port 8080, but the firewall is dropping the request. The user portal uses port 80 and I can access it just fine. So, from 20.20.1.X to 20.20.10.50:80 works, while from the same computer to 20.20.10.50:8080 does not.
What I have tried:
I have added 8080 to the HTTP service. I have set up a packet filter rule to allow any/any/any for internal networks (out of desperation I even added an any/any/any to ALL subsections of the packet filter). I have set up a port forwarding rule:
Interface: Tried all 4
Original Destination: Tried "Zentyal" and 20.20.10.50
Original Destination Port: 8080
Source: Any
Destination IP: 20.20.10.50
Port: Same
Replace Source Address: Tried On and Off
After everything I try I always get this in my firewall log:
Date | Input interface | Output interface | Source | Destination | Protocol | Source port | Destination port | Decision |
2012-04-04 11:34:25 | eth3 | eth2 | 20.20.1.4 | 20.20.10.50 | TCP | 36990 | 8080 | DROP |
and Chrome shows me this:
This webpage is not available
The connection to 20.20.10.50 was interrupted.
I don't have much hair left, so please tell me what I'm doing wrong before I pull out the rest of it!
Thanks in advance for the help.
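
An added example, not part of the original post: Python that parses rows in the firewall log format shown above and reports which netfilter filter chain judged each packet, using the interface roles from the setup list. The helper names and the second sample row are constructed for illustration, and an empty output-interface column for traffic addressed to the gateway itself is an assumption.

```python
# Added example: classify rows of the pipe-delimited firewall log from the post.
# Interface roles come from the post's setup list; helper names are hypothetical.
ROLES = {"eth1": "external", "eth2": "internal", "eth3": "internal", "eth4": "internal"}
FIELDS = ("date", "in_if", "out_if", "src", "dst", "proto", "sport", "dport", "decision")

def parse_row(line):
    """Split one log row into named fields; ports become integers."""
    line = line.strip()
    if line.endswith("|"):  # rows in the post carry a trailing separator
        line = line[:-1]
    cells = [c.strip() for c in line.split("|")]
    if len(cells) != len(FIELDS):
        raise ValueError("expected %d columns, got %d" % (len(FIELDS), len(cells)))
    row = dict(zip(FIELDS, cells))
    for key in ("sport", "dport"):
        row[key] = int(row[key]) if row[key] else None
    return row

def classify(row):
    """Return (netfilter filter chain, traffic direction) for a parsed row."""
    side = lambda ifname: ROLES.get(ifname, "unknown")
    if row["in_if"] and row["out_if"]:
        # Both interfaces set: the gateway routed the packet, so FORWARD judged it.
        return "FORWARD", "%s -> %s" % (side(row["in_if"]), side(row["out_if"]))
    if row["in_if"]:
        return "INPUT", "%s -> gateway" % side(row["in_if"])
    if row["out_if"]:
        return "OUTPUT", "gateway -> %s" % side(row["out_if"])
    return "unknown", "unknown"

def summarize(lines):
    """One summary string per data row; the header and blank lines are skipped."""
    out = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("Date"):
            continue
        r = parse_row(line)
        chain, direction = classify(r)
        out.append("%s %s %s:%s -> %s:%s chain=%s (%s)" % (
            r["decision"], r["proto"], r["src"], r["sport"],
            r["dst"], r["dport"], chain, direction))
    return out

SAMPLE = [
    "Date | Input interface | Output interface | Source | Destination | Protocol | Source port | Destination port | Decision |",
    "2012-04-04 11:34:25 | eth3 | eth2 | 20.20.1.4 | 20.20.10.50 | TCP | 36990 | 8080 | DROP |",
    # Constructed row (not from the post): traffic addressed to the gateway itself.
    "2012-04-04 11:35:00 | eth3 |  | 20.20.1.4 | 20.20.1.1 | TCP | 37000 | 443 | ACCEPT |",
]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

For the row from the post this reports chain=FORWARD with direction internal -> internal: the packet was routed from eth3 to eth2, and its destination was already 20.20.10.50 when it was dropped.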