I realise that this may be better suited to ServerFault, but this is my home network that I run in a non-professional environment.
At home I have my main router connected to the internet which the main family computer and laptop run from. I also have a "development" network with a m0n0wall firewall in a VM to provide internet services. I want to host a website (and eventually other services) on one of the machines on the dev network but cannot figure out how to "port forward" through my main (Belkin) router, through to the m0n0wall firewall, and then through to the webserver.
The traffic would have to come through the public IP, pass through port 80 of the main router (192.168.2.1), then be forwarded through the WAN connection of the m0n0wall box (192.168.2.2), out of the LAN connection (192.168.10.2) and finally into the server. After the configuration is saved I can't work out why it is not working. I can host the site fine behind the main router. There is a firewall rule on m0n0wall to pass port 80 traffic from 192.168.2.1 through but it just isn't working.
I've drawn a very basic diagram below (unfortunately any advanced Visio stuff is currently black magic to me).
Small networking questions for personal use are on-topic – James Mertz – 2011-08-23T16:05:32.650
Are you able to access the web server from your family machine? I think you need to get that working first. Once that is working, then getting the belkin working should be easy. – Zoredache – 2011-08-23T16:12:42.037
What does your firewall rule in the m0n0wall look like? – MaQleod – 2011-08-23T16:15:20.803
@MaQleod - http://i.stack.imgur.com/sFCoJ.png. – tombull89 – 2011-08-23T16:22:14.687
@Zoredache - no. Looks like I'll start there. – tombull89 – 2011-08-23T16:22:24.157
@tombull: Please note that firewall rules work on data that passes by, they do not forward data they receive. Hence, the source IP refers to the IP that sent the actual packet, which is most likely the internet. For example, if I have a web server, then my log would reveal the IP of the visitor for each request and not the IP of the main router. In your main router you said "make port 80 traffic explicitly go to M0n0wall", which only changes the destination address to be the firewall; this is why it doesn't end up at your web server. Why do you need a separate router and firewall? – Tamara Wijsman – 2011-08-23T16:40:31.827
@Tom, I understand that now. The router and main family PC belong to my parents and the firewall acts as a gateway for my development network. Really, I don't need it, I could probably do it with subnetting instead (I'd just prefer to avoid tampering with the router, just because) – tombull89 – 2011-08-23T17:20:31.660
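The point made in the comments, that a port forward rewrites only the destination so the m0n0wall WAN rule sees the visitor's address and not 192.168.2.1, can be checked with a small model. This is an added example, not part of the original thread; the public address, visitor address and web server address are constructed placeholders, and the filter is simplified to a source-and-port match.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def dnat(pkt, match_dst, match_port, new_dst):
    """Port forward: rewrite only the destination; the source is untouched."""
    if pkt.dst == match_dst and pkt.dport == match_port:
        return replace(pkt, dst=new_dst)
    return pkt

def wan_rule_passes(pkt, allowed_src, dport):
    """Pass rule on the m0n0wall WAN side, matched on source network and port."""
    return ip_address(pkt.src) in ip_network(allowed_src) and pkt.dport == dport

# 192.168.2.2 comes from the question; the rest are constructed (assumptions).
M0N0_WAN = "192.168.2.2"
PUBLIC_IP = "198.51.100.20"   # constructed public address of the main router
VISITOR = "203.0.113.7"       # constructed internet client
WEBSERVER = "192.168.10.10"   # constructed; the question does not give this IP

def deliver(src, dst, allowed_src):
    """Return the packet that reaches the web server, or None if it is dropped."""
    pkt = Packet(src, dst, 80)
    pkt = dnat(pkt, PUBLIC_IP, 80, M0N0_WAN)        # main router port forward
    if not wan_rule_passes(pkt, allowed_src, 80):   # m0n0wall WAN filter
        return None
    out = dnat(pkt, M0N0_WAN, 80, WEBSERVER)        # m0n0wall inbound NAT
    return out if out.dst == WEBSERVER else None

if __name__ == "__main__":
    # Rule as described in the question: source limited to the main router.
    print("source 192.168.2.1 :", deliver(VISITOR, PUBLIC_IP, "192.168.2.1/32"))
    # Rule that matches the packet's real source (any address).
    print("source any         :", deliver(VISITOR, PUBLIC_IP, "0.0.0.0/0"))
```

The same model covers the earlier suggestion to test from the family machine first: a client on 192.168.2.x connecting to 192.168.2.2 also fails a rule whose source is 192.168.2.1.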