You need a third network card in your ASL box to do this. The card needs to be present prior to installing ASL, so that the install program will find it and configure for it. This network card then becomes the source of a separate subnet. As such it should have the IP address xx.yy.zz.1, where xx.yy.zz is different net number from what you are using on your Internal network.
Connect this circuit to a switch or hub, and connect the web server to the same switch or hub. Give the web server an IP address of xx.yy.zz.2, with a default gateway of xx.yy.zz.1.
Create a host network definition for xx.yy.zz.2.
Create a masquerading rule on your ASL box that masquerades the DMZ network behind the External interface. This allows the web server, and any other machine on the DMZ network, to see out to the Internet.
Create a SNAT masquerading rule mapping port 80 on the External Interface to the host you defined with the address xx.yy.zz.2. This sends the HTML traffic arriving at your External interface on to your web server.
Create a packet filter rule that allow inbound TCP traffic to port 80 to reach the DMZ network.
Create another packet filter rule to allow outbound traffic from the DMZ network to reach the Internet.
You need a third network card in your ASL box to do this. The card needs to be present prior to installing ASL, so that the install program will find it and configure for it. This network card then becomes the source of a separate subnet. As such it should have the IP address xx.yy.zz.1, where xx.yy.zz is different net number from what you are using on your Internal network.
Connect this circuit to a switch or hub, and connect the web server to the same switch or hub. Give the web server an IP address of xx.yy.zz.2, with a default gateway of xx.yy.zz.1.
Create a host network definition for xx.yy.zz.2.
Create a masquerading rule on your ASL box that masquerades the DMZ network behind the External interface. This allows the web server, and any other machine on the DMZ network, to see out to the Internet.
Create a SNAT masquerading rule mapping port 80 on the External Interface to the host you defined with the address xx.yy.zz.2. This sends the HTML traffic arriving at your External interface on to your web server.
Create a packet filter rule that allow inbound TCP traffic to port 80 to reach the DMZ network.
Create another packet filter rule to allow outbound traffic from the DMZ network to reach the Internet.
