This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ please

Hope somebody can help ...
I am trying to put a server on the DMZ of an ASL firewall. Now, this server has its own public IP, and should be visible from the outside through this IP, and conversely when it communicates with the outside it should be recognized via its own IP. The setup is:

ASL FW:
   Public:  222.xxx.yy.110
   Local Network:  192.168.130.1
   DMZ:  10.1.1.1

SERVER1 on DMZ
   Public:  222.xxx.yy.111
   Local Network:  10.1.1.16

SERVER1 has only one NIC, running on Linux.
Please help.
Thanks.

This thread was automatically locked due to age.

Parents

0 doug_p over 20 years ago

If it's public IP address is different from the main IP address on ASLs External interface, you have to configure two interfaces on eth1 (I'm assuming eth1 is the external NIC). So it would be something like this:

ASL FW:
External (222.xxx.yy.110 on eth1) (this is the existing external interface definition of Type Standard ethernet interface).
External_Server1 (222.xxx.yy.111 on eth1) (this one is of Type Additional address on ethernet interface)
Internal (192.168.130.1 on eth0) (existing internal local network)
DMZ (10.1.1.1 on eth2)

SERVER1 only has one IP address 10.1.1.16

Then you can set up SNAT and routing rules to insure that all traffic to/from 222.xxx.yy.111 on the internet goes to 10.1.1.16 on the DMZ.
Cancel
Vote Up 0 Vote Down

Cancel
0 Philmee95 over 20 years ago in reply to doug_p

And then in packet filter rules:
source: ANY
service: HTTP & HTTPS
Destination: Your Host you set up in Networks for you web server.
Action: Allow
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Philmee95 over 20 years ago in reply to doug_p

And then in packet filter rules:
source: ANY
service: HTTP & HTTPS
Destination: Your Host you set up in Networks for you web server.
Action: Allow
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data