This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with DMZ

Hello everybody (sorry for my english, but i am a german)

I am a ASL tester. We have a Ip Pool: 62.159.147.1 to 62.159.147.254 because we are a provider. our servers are on 62.159.147.1 to 62.159.147.103 (with virtual hosts on webserver).

intern to extern (internet) is okay but dmz to extern dosnt functional.

My datas are:

intern:eth0 ip:192.168.1.2 subnet:255.255.255.0
extern:eth1 ip:62.159.147.15 subnet:255.255.255.0
dmz:eth2 ip 62.159.147.129 subnet:255.255.255.128
gateway:62.159.147.1

networkdefinitions:
intern:192.168.1.0 255.255.255.0
dmz:62.159.147.128 255.255.255.128

DNAT and SNAT isnt active

Masqerading:
intern --> extern
dmz --> extern

Rules:
intern DNS any allow
intern HTTP any allow
intern Telnet any allow
intern FTP any allow

ok thats it!

can you give me an answer for my problem?

Please help

This thread was automatically locked due to age.

Parents

0 squeeze over 23 years ago

you have a subnet-problem

your external interface covers the whole subnet, which includes your dmz (half class c).

either use a private net in your dmz and dnat the services from offical ip's (aliases) of your asl - or ask your isp to split the class c network, so it's routable to your dmz.

another question coming up: do you really have your webservers connected to the net directly? where is the firewall for?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 squeeze over 23 years ago

you have a subnet-problem

your external interface covers the whole subnet, which includes your dmz (half class c).

either use a private net in your dmz and dnat the services from offical ip's (aliases) of your asl - or ask your isp to split the class c network, so it's routable to your dmz.

another question coming up: do you really have your webservers connected to the net directly? where is the firewall for?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data