Question about SonicWALL PRO 300 Firewall
I configured a dedicated Windows Server 2003 Dell Poweredge 400S server to be an FTP server. I set up the DMZ port as 172.16.0.1 w/255.255.0.0 subnet. The public IP is 220.127.116.11, which is on the same subnet as our WAN IP, 18.104.22.168. The internal static IP of the FTP server is 172.16.0.2. The default gateway for the FTP server is 172.16.0.1, address of DMZ port. I updated the router thru the Web management console and created a rule to allow all sources FTP access to the DMZ port. There is no firewall (not even Windows) on the server. From any computer in our LAN, 192.168.77.0 w/255.255.255.0 subnet, I can FTP into the FTP server. However, I cannot FTP into the public IP. Also, the FTP server can not see the Internet. Pinging the FTP server from the router and any LAN computer is successful. The FTP server can not ping any computer and not 172.16.0.1). Don't understand what could be going on. The FTP site is configured to allow all computers anonymous access. I will worry about adding security when after I can FTP into the server.
If you're within a network and try connecting to computers on it with the WAN public IP, it simply won't work - you must use the network IP. On an external Internet connection, it should connect fine to the public IP. If you have access to an external machine (remote desktop), or if you know of an FTP proxy, you can try it that way. I also believe http://www.webftp.co.uk/ a web based FTP client would act as somewhat of a proxy, you could try that with the public IP and see how you go.
Posted on Sep 07, 2007
The question is whether the Sonicwall is acting as a firewall for you network or it is also the router for your Internet access as well as the firewall. It is important which device is doing the address translation for the FTP server.
If there is a router between the Sonicwall and the Internet, there is a need to configure a static route on the router to route the external IP of the FTP server to the external IP address of the Sonicwall.
Otherwise, you should segment you public (or get a specific routing pair from your ISP and the have the ISP route you public network to the IP of the Sonicwall).
You must remember that routing should be consistent both ways - to the Internet and back.
Also remember the whe doing NAT, the IPs of the NAT should be routed the the device doing the NAT.
Posted on Feb 08, 2009
Tips for a great answer:
Usually answered in minutes!
Step 2: Please assign your manual to a product: