This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure firewall for server with public IP?

Hi,

I have a few public IP adresses and I want to use just one IP for a server behind port3 of the XG86 firewall. port2 should be WAN and port1 is used to manage the firewall.
I don't want to assign the firewall any public IP, it only should have assigned private IPs.
The traffic of the server behind port3 should of course be filtered by the firewall itself.

I have already tried a WAN(port2)-DMZ(port3) bridge with a private IP, but the server behind port3 didn't get any internet access with that configuration.

Does anyone have any idea how to set this up correctly?

Best regards,

Helge P.

This thread was automatically locked due to age.

Parents

0 Hardik_R over 5 years ago

Hello HelgeP

If you have configure bridge between WAN(port2)-DMZ(port3), you will still need DMZ to WAN firewall rule without any NAT policy.

and assign public IP address manually to your server.

Further the line: "I don't want to assign the firewall any public IP, it only should have assigned private IPs." is confusing because for other users(apart from server) in network, how do you provide internet access?
Cancel
Vote Up 0 Vote Down

Cancel
0 HelgeP over 5 years ago in reply to Hardik_R

Hi Hardik_R,

thank you for your answer. There is and there will be only one server behind the firewall.

I have added a firewall rule for dmz to wan (without nat), but I cannot get it working with only private IP on the bridge.

When I assign the bridge a public IP, the server behind gets internet access, but I don't want the firewall to have any public IP.

Have I configured something wrong?

Best Regards,

Helge P
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 HelgeP over 5 years ago in reply to Hardik_R

Hi Hardik_R,

thank you for your answer. There is and there will be only one server behind the firewall.

I have added a firewall rule for dmz to wan (without nat), but I cannot get it working with only private IP on the bridge.

When I assign the bridge a public IP, the server behind gets internet access, but I don't want the firewall to have any public IP.

Have I configured something wrong?

Best Regards,

Helge P
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 5 years ago in reply to HelgeP

Hi,

the firewall will need a public IP address on its external interface to enable firmware updates for IPS, ant-virus etc.

What do you have between the XG and the internet?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 HelgeP over 5 years ago in reply to rfcat_vk

Hi,

attached you will find a network diagram how I want to configure the XG to act as a firewall only.
With a seperate out of band management port, which is configured with a private IP.

Through the same private IP the XG is able to reach the internet over a gateway.
The point is to get the XG not to route between IPs, it just should forward traffic between port2 and port3 with the ability of blocking certain Ports.

Best Regards,

Helge P
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 5 years ago in reply to HelgeP

Hi,

so if you do a what is my ip what is returned?
ian
Cancel
Vote Up 0 Vote Down

Cancel
0 HelgeP over 5 years ago in reply to rfcat_vk

Hi,

I don't get your question, because it has nothing to do with the configuration.

Best regards,

Helge P.
Cancel
Vote Up 0 Vote Down

Cancel