This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ and DNAT

Hi,
i'm trying to configure DNAT for a Test Web
in a DMZ but for some reasons i can not connect from outside to my test web located in a dmz, i made this config:

eth0: class B userlan
eth1: official IP using ISP
      router as def gw + proxy arp
eth2: class A DMZ Lan

Network Alias 1.1.1.1/27 to eth1 (DMZ WEB)

Definition: INT 192.168.1.0/24
            EXT 1.1.1.0/27 (fiktiv ip)
            DMZ 10.0.20/24
            Web 1.1.1.1/32 (fiktiv ip)

DNAT: PRE DNAT from EXT service HHTP
      POST DNAT to WEB service HTTP

Rules: any - any - web - allow
       any - any - dmz - allow

my arp tables shows me for 1.1.1.1 and 1.1.1.2 the same MAC (should be OK ?)

DO i need something else ? pls help

thanks in advance Matthias

This thread was automatically locked due to age.

0 Orjan Sandland over 23 years ago

Just curious about something.... you are using proxy arp, that means you are using publicly assigned ip addresses in both your INT and your DMZ?

Other than that... everything looks reasonable to me..

Ørjan
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 23 years ago in reply to Orjan Sandland

Hi,
why did you enabled proxy arp ? Do you have more public IP 's ?

Look at http://docs.astaro.org/asl-faq.pl#4009

Why did you use network alias ? It makes it much more complex than necessary ! ? ;-)

Look at http://docs.astaro.org/asl-faq.pl#4002

...your ip-adress-design looks very crazy ;-)

cheers
Claus ;-)
Cancel
Vote Up 0 Vote Down

Cancel