Author Topic: Access router behind ebox firewall  (Read 2779 times)

n4than

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Access router behind ebox firewall
« on: January 17, 2011, 05:44:24 pm »
Hi to all,
I used Ebox 1.4 in my company and this is my topology

Eth0 -> WAN 192.168.4.254 --->Gateway 192.168.4.250
Eth1 -> LAN 192.168.10.250 -> Gateway for internal lan
Eth2 -> WAN 192.168.3.254 --> Gateway 192.168.3.250
VPN 192.168.160.0 with exposed lan 192.168.10.250
For administrator purpouse I need to access the web configuration of the router 192.168.4.250
while I'm in vpn.
I have been trying to add a static
"sudo iptables -I POSTROUTING -t nat -o tap0 -d 192.168.4.250 -j MASQUERADE"
with no luck.
add a port forward rule from ebox GUI with no luck.
Can anybody helps me ?
Thank in advance




Sam Graf

  • Guest
Re: Access router behind ebox firewall
« Reply #1 on: January 17, 2011, 06:19:40 pm »
In my case, I added a firewall rule to allow HTTP traffic between the VPN (source) an LAN (destination) address ranges. Of course my normal setup is with the proxy enabled and routine HTTP traffic blocked. If your setup is different, I don't think the firewall rule applies.

n4than

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Access router behind ebox firewall
« Reply #2 on: January 17, 2011, 06:22:00 pm »
Thank you for your fast reply.
I don't use any HTTP Proxy. I have been trying with some ssh tunnel trick but always with no luck

Sam Graf

  • Guest
Re: Access router behind ebox firewall
« Reply #3 on: January 17, 2011, 06:31:09 pm »
Very odd.  I guess you could rule out firewall intervention with a test any-any rule on internal traffic. I've had no trouble accessing a web interface on the LAN from a VPN connection with the firewall rule in place. No static routes, no port forwarding. So I'm not sure what could be going on in your setup. Sorry.

n4than

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Access router behind ebox firewall
« Reply #4 on: January 17, 2011, 11:42:31 pm »
Thank you again for your reply.
these are my firewall rules for internal networks

ACCEPT
Source Any
Destination Any
Service Any


but with no luck , I cannot access the web administrator page of my wan router.
I removed all static routes and port forward.

Sam Graf

  • Guest
Re: Access router behind ebox firewall
« Reply #5 on: January 18, 2011, 03:48:03 pm »
I must be missing something within your setup since I can't think of something that would block HTTP access from a VPN connection. We have site-to-site Zentyal VPN running, for example, and we access web interfaces across LANs daily, so it would seem like I could offer some better help. But again, I must be missing some key fact.  :(

Josep

  • Zen Samurai
  • ****
  • Posts: 255
  • Karma: +6/-0
    • View Profile
Re: Access router behind ebox firewall
« Reply #6 on: January 19, 2011, 12:24:37 pm »
I don't think you have any special setup and it seems to me that it should work out of the box.
However, please note that the router IP is not part of your LAN. It is in an external network, so maybe you are looking at the wrong rules?
I would try simplifying and removing all unneeded rules and once you can connect start closing them again.

n4than

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Access router behind ebox firewall
« Reply #7 on: January 19, 2011, 08:45:38 pm »
I work it out.
I exposed the lan in VPN and everything is ok .
thanks to all