hi all...
I just asked this question a few months ago (I don't remember in which thread); it was:
Can I map a port if BWM is installed on another machine (not the gateway), and redirect that traffic to an http site (a payment message, for example)? And this site is external (not on the BWM machine)?????
Now I can say YES. I managed to do this. First let us see what my network consists of:
- a gateway (Kerio Control), Linux version <--- this is what made me start thinking about whether I could map to an external port/http
- Windows XP + BWM (latest, 3.06) installed
+ all are virtual (VMware); I still haven't deployed it on a real working network, so I still don't know how stable this will be.
How to do it:
=========
1- I bridged the BWM machine between the users/hosts switch and the internet gateway
2- Make this bridge from BWM as explained in the Help file (read how to make it carefully; it took me some trials/errors to make it work)
3- At this point a host PC connected to the gateway (through BWM) should be fully connected to the internet, and BWM should be transparent to both sides (gateway/users)
4- Now you need to add some rules before the port mapping rule, to allow some important traffic that must NOT be blocked/mapped
----> #1 Rule = allow DNS traffic from/to the gateway and users
----> #2 Rule = allow traffic from users to reach BWM freely
----> #3 Rule = allow port 80 traffic to the external site/http server that hosts your web-page/message
--------> you may not need rule #3 if your http server is hosted on the same BWM machine
----> #4 Rule = port mapping rule, which you need to redirect traffic to your http server to show that web-page/message
============================
Things you MUST do, and I don't know why, but it didn't work unless you do them!!
== Maybe Andrew can explain it?!!
** I noticed that the (port mapping) rule will NOT redirect or even block the traffic if the rule protocol is (TCP/UDP); this means you can't redirect a specific port, i.e. (80).
That's why we needed to allow DNS and some other traffic before the mapping rules.
It worked fine if the rule protocol is (IPv4 based); in this mode you can't choose a specific port, it's all or nothing,
but this is fine for the goal needed here (blocking all traffic and showing a payment message).
** You MUST change "Network Interface" from all interfaces to (the interface that is connected to the users' side, NOT the gateway side).
** I'll name it LAN here.
-- Rules instructions :
==============
1- allow DNS:          direction=Both, protocol=TCP/UDP,      source=ANY:53, destination=ANY,                               interface=LAN
2- allow to BWM:       direction=Both, protocol=(IPv4 based), source=ANY,    destination=Local Host,                        interface=LAN
3- allow to webserver: direction=Both, protocol=TCP/UDP,      source=ANY,    destination=IP of webserver,                   interface=LAN
4- ((Mapping Rule)):   direction=Both, protocol=(IPv4 based), source=ANY,    destination=IP of the user PC you need to redirect, interface=LAN
** Both rules (allow traffic to the BWM machine AND the Mapping Rule) MUST use the IPv4 based protocol.
** You MUST allow any important traffic to your gateway, like DHCP, or just allow ANY (not so secure); just keep in mind that the Mapping Rule will block any traffic that is not allowed by another rule before it, so figure out which service/port/IP you want to reach the mapped/redirected user while his mapping rule is active, and add allow rules accordingly to make things tight and secure.
I hope this could help someone who needs it.
Thanks and have FUN with BWM
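As an added example (not from the original post and not BWM's own code), here is a small first-match simulation of the rule order described above, which shows why the allow rules have to sit before the IPv4-based mapping rule. It assumes rules are evaluated top-down with first match winning, that "direction=Both" means the rule's host may be either endpoint, and that traffic matching no rule passes untouched; the BWM host, web server and redirected-user addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or another IPv4 protocol name such as "icmp"
    sport: int = 0
    dport: int = 0

@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "map" (redirect to the web page)
    protos: tuple               # ("tcp", "udp"), or ("ip",) = any IPv4 protocol
    host: Optional[str] = None  # the rule's destination host; None = ANY
    port: Optional[int] = None  # the ANY:53 style port; None = any port

    def matches(self, p: Packet) -> bool:
        if "ip" not in self.protos and p.proto not in self.protos:
            return False
        # direction=Both, as in the post: the host may be either endpoint
        if self.host is not None and self.host not in (p.src, p.dst):
            return False
        if self.port is not None and self.port not in (p.sport, p.dport):
            return False
        return True

BWM_HOST, WEBSERVER, MAPPED_USER = "192.0.2.2", "203.0.113.10", "192.0.2.50"  # constructed

RULES = [
    Rule("1 allow DNS", "allow", ("tcp", "udp"), port=53),
    Rule("2 allow to BWM", "allow", ("ip",), host=BWM_HOST),
    Rule("3 allow to webserver", "allow", ("tcp", "udp"), host=WEBSERVER),
    Rule("4 mapping rule", "map", ("ip",), host=MAPPED_USER),
]

def decide(p: Packet, rules=RULES) -> tuple:
    """Top-down, first match wins; traffic matching no rule passes untouched."""
    for r in rules:
        if r.matches(p):
            return r.name, r.action
    return "no rule", "pass"

# The post's caveat: DHCP renewals from the mapped user hit the mapping rule
# unless an allow rule for them is placed above it.
RULES_WITH_DHCP = RULES[:3] + [Rule("3b allow DHCP", "allow", ("udp",), port=67)] + RULES[3:]
```

Running `decide` on a DHCP renewal from the mapped user returns "map" with the original four rules and "allow" once the extra rule is inserted above the mapping rule.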