• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 114
  • Last Modified:

Internal Server access from cloud

I have a customer running SBS2003 using the dual NIC configuration. The internal network is addressed using 10.0.0.x while the 2nd NIC on the server is 192.168.1.10 and is connected to a Sonicwall TZ210 at 192.168.1.1.

I need to be able to access an internal server running Apache. That server is at address 10.0.0.2.

I need help in configuring the TZ 210 to accomplish this.

TIA,

Tom Anderson
0
bisman
Asked:
bisman
  • 2
1 Solution
 
KimputerCommented:
Configure a port forward on the Sonicwall to the server (preferably only one ip, the cloud server's ip, allowed access). Have the server in router mode (routing internal to external, the sonicwall). In the server, add another port forward, now to the apache server. Done!
0
 
bismanAuthor Commented:
Thanks for the reply.

Questions:

What do you mean by 'have the server in router mode'? The SBS server? How do you do this?

Also, How do you add a port forward on the SBS box?

Thanks!
0
 
KimputerCommented:
It's in the "Routing and Remote access" module in the Administrative tools.
If you don't use this module, communication from NIC1 won't be passed to NIC2 (or the other way around). The 10.x network should be the LAN, the 192.x network should be the "internet" facing network (in this particular design). That's why you also set port forwarding in this same module. Everything inside LAN can access LAN and Internet. Everything on the 192.x network can access the internet (through the Sonicwall), and only access the 10.x network where you have set port forwarding. No port forwarding means no access at all to the 10.x network.
See screenshot (sorry it's Dutch), name your NICs properly so you know which is which. Enable NAT with simple firewall, assign internal and external interface. On the external interface, rightmouseclick then tab Services and ports to assign the NAT routing information (incoming port, outgoing port, and LAN IP number, could also be localhost, if services from the server needs to be exposed)
routing.PNG
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now