What is the proper way to publish a webserver on ASL. Have to publish many site on different ip on the external if from my DMZ. Do I have to do both DNAT/SNAT ?
if it is a web server only you'd only need to configure DNAT. If you have e.g. a SMTP server which has to initiate connections you'd need both, DNAT and SNAT. For incoming traffic DNAT for outgoing SNAT!!!
In addition you need packet filter rules, allowing traffic from and to the NATted servers.
Please note trhat you always have to use the internal addresses for filtering, because DNAT happens before filtering and SNAT after filtering!
