Sonicwall Firewall NAT Policy - HOWTO

  • Question

  • I made this thread for those who search and want to find out how to set up a NAT policy the correct way to publish your WHS as a web server to the internet.

    First, let's add some services:

    In your SonicWall, go to the Firewall section and select "Services".

    We need to add these ports as services. Here are the ports we need to add:

    - whs-4125 (TCP 4125)
    - whs-1900 (UDP 1900) *optional

    Now, let's create a service group; we will call it "WHS-Rules" here (just an example name, you can choose whatever you like):

    Add Group (in Group Services):
    Name: WHS-Rules
    HTTP (TCP 80)
    HTTPS (TCP 443)
    whs-4125
    whs-1900

    Notice: you can remove the port (whs-1900) from the WHS-Rules group later on if you like; here we just want to ensure everything is working at first.

    Now let's give the WHS a local and an external name (I know you did that already, but I need to be clear regarding this issue).

    Go to your "Network" section:
    Address Objects.

    We need to put 2 addresses here for the WHS, one internal and one external:

    1 - Add:
    Name: whs_private_ip
    Zone: LAN
    Type: host
    IP address: 192.168.1.2 (this is an example; just put the LOCAL IP of your WHS server here).

    2 - Add:
    Name: whs_public_ip
    Zone: WAN
    Type: host
    IP address: your DSL address if it is static, or the NAT address your ISP gives you for your DSL/router.

    Now, to let the WHS have access to the internet, go to your Firewall section, Access Rules, and add this:

    Add:
    Allow
    From zone: LAN
    To Zone: WAN
    Services: Any (or whatever you like to give access to it).
    Source: whs_private_ip
    Destination: Any (or whatever you like to give access to it).
    User allowed: all
    Schedule: Always on

    Check that the WHS server can access the internet; then we go on to publishing the WHS as a web server.

    Go to your "Network" section, NAT Policies, and add this:

    Original Source: whs_private_ip
    Translated Source: whs_public_ip
    Original Destination: Any
    Translated Destination: Original
    Original Services: WHS-Rules
    Translated Services: Original
    Inbound Interface: LAN
    Outbound Interface: WAN

    And check the box for Create Reflexive Policy.

    We need to add another NAT policy to create the DNS loopback:

    Original Source: LAN Subnets
    Translated Source: WAN Primary IP
    Original Destination: whs_public_ip
    Translated Destination: whs_private_ip
    Original Services: WHS-Rules
    Translated Services: Original
    Inbound Interface: Any
    Outbound Interface: Any

    Now, after that, we will see in the NAT Policies that 3 NAT policies have been created; we need to uncheck (disable) this one:

    Source Original: whs_private_ip
    Source Translated: whs_public_ip
    Destination Original: Any
    Destination Translated: Original
    Service Original: WHS-Rules
    Service Translated: Original
    Interface Inbound: LAN
    Interface Outbound: WAN

    That's it, we are all done. Check to see if you can access your WHS server; if not, enable that last policy again.

    My best,
    Ahmad

    Thursday, July 5, 2007 3:43 PM
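
The three NAT policies from the how-to above, modelled in Python to show which flows each one rewrites and which services end up reachable from the WAN. This is an added example, not part of the original post and not SonicWall code. Assumptions: the 203.0.113.x, 198.51.100.7 and 192.168.1.0/24 values are constructed, the shape of the reflexive policy is assumed, the outbound interface is not modelled, and policies are evaluated first-match in list order rather than by SonicOS's own ordering.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Address objects. 192.168.1.2 is the post's example; the 203.0.113.x and
# LAN range values are constructed documentation addresses.
OBJ = {
    "Any": ip_network("0.0.0.0/0"),
    "LAN Subnets": ip_network("192.168.1.0/24"),
    "WAN Primary IP": ip_network("203.0.113.1/32"),
    "whs_private_ip": ip_network("192.168.1.2/32"),
    "whs_public_ip": ip_network("203.0.113.10/32"),
}
WHS_RULES = {("tcp", 80), ("tcp", 443), ("tcp", 4125), ("udp", 1900)}

@dataclass
class NatPolicy:
    name: str
    orig_src: str
    xlat_src: str      # address object name, or "Original" for no change
    orig_dst: str
    xlat_dst: str
    inbound: str       # "LAN", "WAN" or "Any"
    enabled: bool = True

POLICIES = [
    # Policy entered by hand, then disabled in the last step of the post.
    NatPolicy("outbound", "whs_private_ip", "whs_public_ip", "Any", "Original", "LAN", enabled=False),
    # Assumed shape of the mirror made by "Create Reflexive Policy".
    NatPolicy("reflexive", "Any", "Original", "whs_public_ip", "whs_private_ip", "WAN"),
    NatPolicy("loopback", "LAN Subnets", "WAN Primary IP", "whs_public_ip", "whs_private_ip", "Any"),
]

def translate(iface, proto, src, dst, port, policies=POLICIES, services=WHS_RULES):
    """Return (policy, new_src, new_dst) for the first enabled match, else None."""
    if (proto, port) not in services:
        return None
    for p in policies:
        if (p.enabled and p.inbound in ("Any", iface)
                and ip_address(src) in OBJ[p.orig_src]
                and ip_address(dst) in OBJ[p.orig_dst]):
            pick = lambda name, old: old if name == "Original" else str(OBJ[name].network_address)
            return p.name, pick(p.xlat_src, src), pick(p.xlat_dst, dst)
    return None

def exposed_from_wan(services=WHS_RULES, outside="198.51.100.7"):
    """Services an outside host can reach on the WHS through the NAT policies."""
    pub = str(OBJ["whs_public_ip"].network_address)
    return sorted(s for s in services if translate("WAN", s[0], outside, pub, s[1], services=services))
```

Calling `exposed_from_wan(WHS_RULES - {("udp", 1900)})` shows the published set after the optional whs-1900 service is taken out of the group.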

All replies

  • Thanks for this nice how-to, but it is still not working ... what am I doing wrong???

     

    sonicwall model: pro 1260

    Can you help?

     

    regards,

    Mike

    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:14 PM
    Saturday, July 21, 2007 7:58 PM
  •  MikeJ50 wrote:

    Thanks for this nice how-to, but it is still not working ... what am I doing wrong???

    sonicwall model: pro 1260

    Can you help?

    regards,

    Mike



    Hi,

    Can you recheck that you have done this in the last steps:

    Now, after that, we will see in the NAT Policies that 3 NAT policies have been created; we need to uncheck (disable) this one:

    Source Original: whs_private_ip
    Source Translated: whs_public_ip
    Destination Original: Any
    Destination Translated: Original
    Service Original: WHS-Rules
    Service Translated: Original
    Interface Inbound: LAN
    Interface Outbound: WAN

    That's it, we are all done. Check to see if you can access your WHS server.



    My best.
    Saturday, July 21, 2007 8:14 PM
  • That did it!

     

    I am not questioning your steps, but why do we have to define a NAT rule, then remove it later on?

     

    regards,

    Mike

    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:15 PM
    Saturday, July 21, 2007 9:01 PM
  • Hi,

    Good to see things work fine for you; that is what this howto is all about.

    Regarding the first NAT policy we made and then removed, it is simple:

    Notice that in the first NAT rule we did this:

    "Create Reflexive Policy" by marking the box. What that actually does:
    We are telling SonicWall to go ahead and create a "mirror" outbound/inbound NAT policy as well. We could have done that ourselves, but it is best to let SonicWall do it.

    As you noticed, we "only" made 2 NAT policies in the howto, but the result was 3. So again, since our first NAT policy will actually affect the second one, we remove it since it is not needed anymore.

    Hope I explained the issue and made it clear even with my poor English.

    My best,
    Ahmad

    Saturday, July 21, 2007 10:43 PM
  • I have a SonicWall TZ 180.  I imagine the firewall rules are pretty similar.  Do you (or anyone) have the specific firewall rules to get the WHS to work properly?  I have the default setting in my firewall.  Thanks, FF

     

    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:16 PM
    Friday, January 25, 2008 2:38 AM
  • I have the same firewall as FantasticF.  I am not seeing some of the information depicted in this document.  Is there a post out there somewhere for this model?
    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:16 PM
    Sunday, May 31, 2009 5:46 AM
  • Reading through this, and found that I have much to learn.  Can anyone recommend a website or reading material that can educate me on networking, NAT, routing and all that fun stuff?  I'm a hardware geek by trade and can do much with servers and desktops, but when it comes to networking, am quite new to this area, but am more than willing to learn.  I know there are many good books on the market, but was hoping someone could recommend one that I could start with, to get the basics of networking.  Having taken over as the IT Director of a small private school, I'm having to learn to lock down the network and it would be much easier to know something about networking. (Yes - the school does know that I'm a newbie when it comes to networking, but it's a pretty basic setup currently, but want to take it much further than it is.)

    I appreciate your patience as I try to learn.

    I've also noticed that using my xbox360 with home server, that it doesn't always want to work the way I thought it should - I'm having to use the Video option instead of media center, as I'm having problems installing the connector.  What are your suggestions?

    I also have a netgear media extender, but it suggests that I install the library management software on the server with my data, and not sure if that's a good idea with Home Server - right now, I'm accessing all the media through "folders" instead.

    Again, I'll browse through this forum, but as we all know, there is tons and tons of information and I want to do this one time correctly.  I have almost 3TB of files on my home server that I want to access.  :-)

    Thanks..

    Rob
    Rob

    P.S. When trying to access my home server offsite, I get directed to my Sonicwall router, so I know I've missed something - Back to the drawing board. :-)

    I'll blame it on it being very late and being very tired. :-)

    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:17 PM
    Sunday, January 3, 2010 4:55 AM
  • Reading through this, and found that I have much to learn.  Can anyone recommend a website or reading material that can educate me on networking, NAT, routing and all that fun stuff?  I'm a hardware geek by trade and can do much with servers and desktops, but when it comes to networking, am quite new to this area, but am more than willing to learn.  I know there are many good books on the market, but was hoping someone could recommend one that I could start with, to get the basics of networking.  Having taken over as the IT Director of a small private school, I'm having to learn to lock down the network and it would be much easier to know something about networking. (Yes - the school does know that I'm a newbie when it comes to networking, but it's a pretty basic setup currently, but want to take it much further than it is.)

    I appreciate your patience as I try to learn.

    I've also noticed that using my xbox360 with home server, that it doesn't always want to work the way I thought it should - I'm having to use the Video option instead of media center, as I'm having problems installing the connector.  What are your suggestions?

    You can't use your XBox 360 as a MCE unless you have a Media Center PC in your LAN (which WHS isn't).  The XBox 360 needs to be connected to a MC PC and that PC can pull data from the server, but you can't go directly from the 360 to WHS using the extender functionality.
    I also have a netgear media extender, but it suggests that I install the library management software on the server with my data, and not sure if that's a good idea with Home Server - right now, I'm accessing all the media through "folders" instead.

    Again, I'll browse through this forum, but as we all know, there is tons and tons of information and I want to do this one time correctly.  I have almost 3TB of files on my home server that I want to access.  :-)

    Thanks..

    Rob
    Rob

    P.S. When trying to access my home server offsite, I get directed to my Sonicwall router, so I know I've missed something - Back to the drawing board. :-)

    I'll blame it on it being very late and being very tired. :-)


    • Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:17 PM
    Monday, January 4, 2010 2:22 AM
    Moderator