This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ DNAT SNAT 3 Interfaces

Hello I have the following setup and I can not get it to work.  [:(]

External Nic IP : 65.212.60.x
Private Nic IP : 192.168.1.1
     DMZ Nic IP : 192.168.2.1

I have a Web server and a Mail Server that are in the DMZ Network.  They have a DMZ ip of 192.168.2.55 and 192.168.2.56.  I am trying to use DNAT and SNAT to forward anything coming from 65.212.60.55 to go to 192.168.2.55 and the same for the Mail Server.  I have the routing on the router all pointing to the external ip of the firewall but I can't get DNAT and SNAT to work correctly. Please Help!!

Thank you,
Travis

This thread was automatically locked due to age.

0 ollion over 23 years ago

Travis,

DEFINITIONS/NETWORKS:
define 65.212.60.55 as external-interface
define 192.168.2.55 as web-intern

NETWORK/DNAT:
external-interface HTTP web-intern HTTP
external-interface SMTP web-intern SMTP

NETWORK/SNAT:
web-intern SMTP ANY external-interface

if you use the real external ip of your firewall
masquerading would work, too.

PACKET FILTER/RULES:
ANY HTTP web-intern ALLOW
ANY SMTP web-intern ALLOW
web-intern SMTP ANY ALLOW

of course if you have two different servers
you have to customize the rules ;-)

Hope I could help
ollion
Cancel
Vote Up 0 Vote Down

Cancel