Hello All.
I’ve just setup a new Fusion Hub, by deploying a server on Vultr. I’ve added this new virtual fusion Hub to InControl2 and I’ve created a Speed Fusion VPN tunnel to my MBX unit. Essentially what I want to use the Fusion Hub for is to have a UK public IP address where services such as email can be directed, and then from the Fusion Hub be forwarded to the MBX and into my network to the relevant servers etc. Issue I’m having is nothing is geting through, for example SMTP traffic on port 25 is not going through and is being rejected, despite my creating a firewall rule to permit this traffic to pass. I’m directing traffic to the WAN IP address of the Fusion Hub, I presume that this is correct. I"ve created inbound firewall rules to forward traffic but they do not appear to be dpoign anything.
Essentially what I’m using the Fusion HUb for is to have a public IP address that will be constant and allow me remote access to my network. Is there something I’m doing wrong here? I’m taking the WAN IP to be my public IP and I’m directing traffic to that interface.
Port 25 is blocked by default on Vultr, you have to allow it on the host network itself see:
Hi Martin,
OK thats interesting, thanks for that, I didn’t know those ports were blocked by default. I think that may partially solve my issue.
My other issue is reaching the firewall which is connected to the LAN interface of the MBX. My basic network layout for this setup is - Firewall WAN interface (192.168.4.2) which is connected directly to LAN1 of the MBX (192.168.4.1). From the Fusion Hub I can ping 192.1658.4.1 but I cannot ping 192.168.4.2 - the firewall interface. From the MBX I can ping the Firewall interface (192.168.4.2). My mail server resides behind the firewall on my internal LAN, and I need to be able to reach this from the outside world. If I cannot ping it from the Fusion Hub then I don’t see how it can send traffic to it, or am I missing something comepletely obvious. I have created forwarding rules and a static route on the Fusion Hub for this address and I’m still unable to reach it.
Check the gateway on the firewall. Is it set to the MBX LAN IP?
If it is, I expect a firewall config issue. what do the firewall logs say? is it blocking traffic?
I’ve checked the gateway interface on the firewall and it’s fine, it’s passing traffic. I can get out to the internet over this interface and when I do a “whats my IP” check, it’s the public WAN IP of the Fusion hub that shows up. So I’m definitely getting out to the outside world over this interface.
My concern is that for some reason the Fusion Hub is unable to see the firewall interface, which is on the same subnet at the MBX LAN. I can ping the LAN port of the MBX from the fusion hub, but not the firewall interface. I can ping the firewall interface from the MBX box. Is there double NATing involved here?
Routing is working fine if you can ping the MBX LAN from the Fusionhub.
Its your firewall that is blocking / not responding to ping - I expect because it’s not coming from the same subnet. What firewall is it? Fortigate / Kerio? What do the firewall logs say?
Yes, the gateway on the Firewall interface is configured with the same subnet as the MBX box, and both units talk nicely with each other, Firewall to MBX LAN Port No. 1. I’ve since added a static route to the Fusion Hub to allow it to talk to the Firewall and it appears to be communicating with that interface now. I would have thought that it wouldn’t be necessary to add a static route and that the Fusion Hub would see that interface (the Firewall interface) given the MBX is hardwired to it.