Answered by:
Sonicwall Firewall NAT Policy - HOWTO

Question
-
I made this thread for whom do search and can find out how to setup NAT policy the correct way to publish your WHS as web server to the internet.
First let add some services:
In your sonicwall, go to Firewall section and select "services".
We need to add these port/s to a services, Her the port/s we need to add:
- whs-4125 (TCP 4125)
- whs-1900 (UDP 1900) *optional
Now, let creat group services, we will call it here "WHS-Rules" (just example name tho, you can chose whatever):
Add Group (in Group Services):
Name: WHS-Rules
HTTP (TCP 80)
HTTPS (TCP 443)
whs-4125
whs-1900
Notice: you can remove later on the port (whs-1900) from the WHS-Rules group if you like, we just here want to insure everything working at first.
Now Let give the WHS local and external name (I know you do that already, but I need to be clear regarding this issue)
Go to your "Network" section:
Address Object.
We need to put 2 address here for whs, one internal, and one external
1 - Add:
Name: whs_private_ip
Zone: LAN
Type: host
IP address: 192.168.1.2 (this is example, just put here the LOCAL ip for your whs server).
2 - Add:
Name: whs_public_ip
Zone: WAN
Type: host
IP address: your dsl adress if that static or the nat address your ISP give you for your dsl/router.
Now to let the WHS have access to the interent, go to your Firewall section, Access Rules, and let add this:
Add:
Allow
From zone: LAN
To Zone: WAN
Services: Any (or whatever you like to give access to it).
Source: whs_private_ip
Destination: Any (or whatever you like to give access to it).
User allowed: all
Schedule: Always on
Check if the whs server can access the internet, then we go for the publish whs as web server.
Go to your "Network" section, NAT Policies, and let add this:
Original Source : whs_private_ip
Translated Source : wha_public_ip
Original Destination : Any
Translated Destination : Original
Orignal Services: WHS-Rules
Translated Services: Original
Inbound Interface : LAN
Outbound Interface : WAN
And put a check for Create Reflexive Policy
We need to add another nat polices to create the DNS Loop Back :
Original Source : Lan subnets
Translated Source: Wan Primary IP
Original Destination: wha_public_ip
Translated Destination: whs_private_ip
Orignal Services: WHS-Rules
Translated Services : Original
Inbound Interface: Any
Outbound Interface: Any
Now since that, we will see in the NAT Polices we have 3 NAT polices been created, we need to uncheck (disable it) this one:
source original: whs_private_ip
Source translated: whs_public_ip
Destination Original: any
Destination Translated: Original
Service Orignial WHS-Rules
Service Translated Original
Interface Inbound Lan
Outbound WAN
That it, and we all done, check to see if you can access your WHS server, if not enable that last policy back.
My best,
AhmadThursday, July 5, 2007 3:43 PM
Answers
-
MikeJ50 wrote: Thanks for this nice how to, but still not working ... what I am doing wrong???
sonicwall model: pro 1260
Can you help?
regards,
Mike
Hi,
Can you recheck you have done this in the last steps:
Now since that, we will see in the NAT Polices we have 3 NAT polices been created, we need to uncheck (disable it) this one:
source original: whs_private_ip
Source translated: whs_public_ip
Destination Original: any
Destination Translated: Original
Service Orignial WHS-Rules
Service Translated Original
Interface Inbound Lan
Outbound WAN
That it, and we all done, check to see if you can access your WHS server
My best.Saturday, July 21, 2007 8:14 PM -
Hi,
Good to see thing work fine with you, that what this howto is all about.
Regarding the first nat policy we made then we remove, is simple:
Notice in the first nat rule, we made this:
"Create Reflexive Policy" by mark the box, what that actully do:
We tilling sonicwall to go a head and create "mirror" outbound/inbound nat policy as well, we could done that, but it best to let sonicwall do it.
As you notice, we "only" did 2 nat policy on the howto, but the result was 3, so again, since our first nat will actully effect the second one, so we remove it since it not need it anymore.
Hope I explain the issue and make it clear even with my poor English language.
My best,
AhmadSaturday, July 21, 2007 10:43 PM
All replies
-
Thanks for this nice how to, but still not working ... what I am doing wrong???
sonicwall model: pro 1260
Can you help?
regards,
Mike
- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:14 PM
Saturday, July 21, 2007 7:58 PM -
MikeJ50 wrote: Thanks for this nice how to, but still not working ... what I am doing wrong???
sonicwall model: pro 1260
Can you help?
regards,
Mike
Hi,
Can you recheck you have done this in the last steps:
Now since that, we will see in the NAT Polices we have 3 NAT polices been created, we need to uncheck (disable it) this one:
source original: whs_private_ip
Source translated: whs_public_ip
Destination Original: any
Destination Translated: Original
Service Orignial WHS-Rules
Service Translated Original
Interface Inbound Lan
Outbound WAN
That it, and we all done, check to see if you can access your WHS server
My best.Saturday, July 21, 2007 8:14 PM -
That did it!
I am not questionable your steps, but why we have to define a nat rule, then remove it later on?
regards,
Mike
- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:15 PM
Saturday, July 21, 2007 9:01 PM -
Hi,
Good to see thing work fine with you, that what this howto is all about.
Regarding the first nat policy we made then we remove, is simple:
Notice in the first nat rule, we made this:
"Create Reflexive Policy" by mark the box, what that actully do:
We tilling sonicwall to go a head and create "mirror" outbound/inbound nat policy as well, we could done that, but it best to let sonicwall do it.
As you notice, we "only" did 2 nat policy on the howto, but the result was 3, so again, since our first nat will actully effect the second one, so we remove it since it not need it anymore.
Hope I explain the issue and make it clear even with my poor English language.
My best,
AhmadSaturday, July 21, 2007 10:43 PM -
I have a SonicWall TZ 180. I imagine the firewall rules are pretty similar. Do you (or anyone) have the specific firewall rules to get the WHS to work properly? I have the default setting in my firewall. Thanks, FF
- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:16 PM
Friday, January 25, 2008 2:38 AM -
I have the same firewall as FantasticF. I am not seeing some of the following information depicted in this document. Is there a post out there somewhere for this model
- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:16 PM
Sunday, May 31, 2009 5:46 AM -
Reading through this, and found that I have much to learn. Can anyone recommend a website or reading materail that can educate me on networking, Nat, routing and all that fun stuff. I'm a hardware geek by trade and can do much with servers and desktops, but when it comes to networking, am quite new to this area, but am more than willing to learn. I know there are many good books on the market, but was hoping someone could recommend one that I could start with, to get the basics of networking. Having taken over as the IT Director of a small private school, I'm having to learn to lock down the network and would be much easier to know something about networking.. (Yes - the school does know that I'm a newbie when it comes to networking, but it's a pretty basic setup currently, but want to take it much further than it is.)
I appreciate your patience as I try to learn.
I've also noticed that using my xbox360 with home server, that it doesn't always want to work the way I thought it should - I'm having to use the Video option instead of media center, as I'm having problems installing the connector. What are your suggestions?
I also have a netgear media extender, but it suggests that I install the library management software on the server with my data, and not sure if that's a good idea with Home Server - right now, I'm accessing all the media through "folders" instead.
Again, I'll browse through this forum, but as we all know, there is tons and tons of information and I want to do this one time correctly. I have almost 3TB of files on my home server that I want to access. :-)
Thanks..
Rob
Rob
P.S. When trying to access my home server offsite, I get directed to my Sonicwall router, so I know I've missed something - Back to the drawing board. :-)
I'll blame it on it being very late and being very tired. :-)- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:17 PM
Sunday, January 3, 2010 4:55 AM -
Reading through this, and found that I have much to learn. Can anyone recommend a website or reading materail that can educate me on networking, Nat, routing and all that fun stuff. I'm a hardware geek by trade and can do much with servers and desktops, but when it comes to networking, am quite new to this area, but am more than willing to learn. I know there are many good books on the market, but was hoping someone could recommend one that I could start with, to get the basics of networking. Having taken over as the IT Director of a small private school, I'm having to learn to lock down the network and would be much easier to know something about networking.. (Yes - the school does know that I'm a newbie when it comes to networking, but it's a pretty basic setup currently, but want to take it much further than it is.)
You can't use your XBox 360 as a MCE unless you have a Media Center PC in your LAN (which WHS isn't). The XBox 360 needs to be connected to a MC PC and that PC can pull data from the server, but you can't go directly from the 360 to WHS using the extender functionality.
I appreciate your patience as I try to learn.
I've also noticed that using my xbox360 with home server, that it doesn't always want to work the way I thought it should - I'm having to use the Video option instead of media center, as I'm having problems installing the connector. What are your suggestions?
I also have a netgear media extender, but it suggests that I install the library management software on the server with my data, and not sure if that's a good idea with Home Server - right now, I'm accessing all the media through "folders" instead.
Again, I'll browse through this forum, but as we all know, there is tons and tons of information and I want to do this one time correctly. I have almost 3TB of files on my home server that I want to access. :-)
Thanks..
Rob
Rob
P.S. When trying to access my home server offsite, I get directed to my Sonicwall router, so I know I've missed something - Back to the drawing board. :-)
I'll blame it on it being very late and being very tired. :-)- Proposed as answer by lasuchBanned Tuesday, October 19, 2010 6:17 PM
Monday, January 4, 2010 2:22 AMModerator