Hi,
I have two problems (asl 5.022):
1. Problem: connect extern -> dmz-webserver:
I'm unable to connect to my webserver in the dmz from extern (neither public-ip nor dyndns) using https.
The configuration is:
3 NICs
intern: 192.168.2.0/24 (eth0: 192.168.2.1)
dmz: 192.168.3.0/24 (eth1: 192.168.3.1)
extern: dynamic via ISP
webserver in dmz: 192.168.3.2 (wie-www), gw: 192.168.3.1
pc in internal: 192.168.2.1 (wie-win), gw: 192.168.2.1
so each machine in the two subnets points to the firewall nics.
Two entries in Network>>NAT Masquerading:
A. from internal network -> extern (working):
dslmasq Internal (Network) -> All / All MASQ__extern None
B. from extern -> dmz (problem):
dmzdnat
rule-type: DNAT/SNAT
packets to match: source-address: any, destination-address: extern (address), service: https,
change source to: Address ::no change::
change destination: address: wie-www, service-destination: ::no change::
and a packet-filter rule:
source, service, action, destination
Any, HTTPS, allow, wie-www
When logging in to dyndns, it shows the correct IP address of my public IP. I changed the port of webadmin from https to another unused port, so it cannot be in conflict with the https port of the dmz-webserver.
2. Problem: ssh-connect from intern -> wie-www (dmz)
configured rule ssh allow intern -> wie-www
but cannot connect. tried it with ping from firewall:
firewall (192.168.3.1) wie-www (dmz) (192.168.3.2) working
firewall (192.168.2.1) pc (internal) (192.168.2.2) working
pc (internal) wie-www (dmz) not working
This problem is a routing problem from 192.168.2.0 -> 192.168.3.0 and back. But I don't know how to set it up using asl-tools and not using route add ....
Thank you very much for help.
Regards, Juergen