Webserver issues, can access from WAN but not LAN (Server hosted locally) Sonicwall

Hi all,

I need some advice from someone. Basically, a client of ours has a web-server hosted locally on their site to host their website www.blah.co.uk. It's all behind our firewall (SonicWall). I have created the firewall rule which allows HTTP in from any source to the interface on the SonicWall; the NAT policy then does its thing and translates that to the internal IP of the web-server.

That all worked fine. I then had a call saying they can access it externally fine, but no one could get on to it internally, because when they type in the web address www.blah.co.uk it translates to their public-facing address, so I have to somehow create a rule to allow that back in?

What's the best way to go about this?

At the moment, if it's being sent out, and HTTP has a NAT policy coming through to this web-server, it should work? But they get nothing, and can't ping their domain.

If info is sketchy let me know, I will provide more if needed :)

Any help appreciated
 
You need a NAT loopback rule which takes requests which resolve to the WAN IP (or another address in their public range) and loops them back to the internal server IP.

The NAT rule will be something along the lines of:

Original Source : LAN Subnets (or Firewalled Subnets)
Translated Source : Public IP of Server (eg WAN IP - what the DNS will resolve www. to)
Original Destination : Public IP
Translated Destination : Internal IP of the server
Original Service : HTTP
Translated Service : Original
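
The loopback rule above, modelled as an added example (not part of the original post and not SonicWall code). It goes one step beyond the post by comparing the rule with a destination-only variant, to show what the Translated Source field is for. All addresses are constructed placeholders, and it assumes the web server sits on the same subnet as the LAN clients.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not from the thread).
LAN = ip_network("192.168.1.0/24")       # "LAN Subnets"
PUBLIC_IP = ip_address("203.0.113.10")   # what www. resolves to
SERVER_IP = ip_address("192.168.1.50")   # internal web server, same subnet as clients
CLIENT_IP = ip_address("192.168.1.20")   # a LAN workstation
HTTP = 80

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int

@dataclass(frozen=True)
class NatPolicy:
    orig_src: object    # network the original source must be in
    trans_src: object   # new source address, or None for "Original"
    orig_dst: object
    trans_dst: object
    service: int        # "Original Service"; translated service stays "Original"

    def apply(self, p):
        """Return the packet as it leaves the firewall (unchanged if no match)."""
        if not (p.src in self.orig_src and p.dst == self.orig_dst and p.dport == self.service):
            return p
        src = p.src if self.trans_src is None else self.trans_src
        return replace(p, src=src, dst=self.trans_dst)

# The loopback policy from the post, and a destination-only variant for comparison.
LOOPBACK = NatPolicy(LAN, PUBLIC_IP, PUBLIC_IP, SERVER_IP, HTTP)
DST_ONLY = NatPolicy(LAN, None, PUBLIC_IP, SERVER_IP, HTTP)

def lan_client_connects(policy, client=CLIENT_IP):
    """True if a LAN client's HTTP connection to PUBLIC_IP can complete."""
    sent = Packet(client, PUBLIC_IP, HTTP)
    at_server = policy.apply(sent)
    if at_server.dst != SERVER_IP:
        return False                      # request never reached the server
    if at_server.src in LAN:
        # Server sees a LAN source and answers it directly, bypassing the
        # firewall, so the reply arrives from SERVER_IP instead of PUBLIC_IP.
        reply_src = SERVER_IP
    else:
        # Reply returns to the firewall, which reverses both translations.
        reply_src = PUBLIC_IP
    return reply_src == sent.dst          # client only accepts the address it dialled

if __name__ == "__main__":
    print("loopback:", lan_client_connects(LOOPBACK))
    print("dst-only:", lan_client_connects(DST_ONLY))
```
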
 
I think I found a link in the SonicWall docs: Creating a One-to-One NAT Policy for Inbound Traffic (Reflective)

Go to the Firewall > Access Rules page and choose the policy for the ‘WAN’ to ‘Sales’ zone intersection (or whatever zone you put your server in). Click on the Add button to bring up the pop-up access policy screen. When the pop-up appears, enter the following values:

Action: Allow
Service: HTTP
Source: Any
Destination: web server_public_ip
Users Allowed: All
Schedule: Always on
Logging: checked
Comment: (enter a short description)

When you are done, attempt to access the web-server public IP address using a system located on the public Internet. You should be able to successfully connect. If not, review this section, and the section before, and ensure that you have entered in all required settings correctly.

Obviously that description is from some older firmware but do you think this one is right or what you said?
 
What appliance and OS? If it's anything recent with 5.x, I'd go with my setup :D It's a NAT rule you need, not a firewall rule.
 
Will give it an update later on this evening, just out of curiosity do you get involved with a lot of SonicWall appliances?
 