After setting up our Astaro 120 in our business network we are trying to figure out how to move our server(s) into the DMZ without having to change all client configs. So I thought about changing the server's IP, moving it into the DMZ, adding an IP to the internal interface with the former IP of our server, and passing traffic through with DNAT.
Current network config:
Internal - eth0 - 192.168.0.x
External - eth1 - DSL
DMZ - eth2 - 192.168.2.x
Server in DMZ: 192.168.2.247
Additional internal address: 192.168.0.247
DNAT for all services from additional internal address to server IP in DMZ.
This works so far. Problem now seems to be that traffic seems to bypass the filters. Connecting to the additional interface on port 80 gives back pages although I set a rule to reject. Additionally, I can't seem to figure out how to reject direct connections to 192.168.2.247 from the internal network....
Any ideas/suggestions?
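An added example, not part of the original post: a toy model of the setup above, assuming the appliance follows standard Linux netfilter ordering, where DNAT rewrites the destination before the packet filter sees the packet. The `Packet` and `Rule` classes, the rule sets and the client address 192.168.0.10 are constructed for illustration.

```python
# Toy model of netfilter ordering: nat PREROUTING (DNAT) runs before filter FORWARD.
# Assumption: the appliance evaluates packets in this order.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DNAT_MAP = {"192.168.0.247": "192.168.2.247"}   # additional address -> DMZ server

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    orig_dst: str = ""          # pre-NAT destination, as conntrack remembers it

@dataclass
class Rule:                     # hypothetical rule shape, first match wins
    action: str                 # "ACCEPT" or "REJECT"
    src_net: str = "0.0.0.0/0"
    dst: str = ""               # compared with the post-DNAT destination
    orig_dst: str = ""          # compared with the pre-NAT destination
    dport: int = 0              # 0 = any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and self.dst in ("", p.dst)
                and self.orig_dst in ("", p.orig_dst)
                and self.dport in (0, p.dport))

def prerouting(p: Packet) -> Packet:
    """DNAT step: rewrite the destination and remember the original one."""
    return Packet(p.src, DNAT_MAP.get(p.dst, p.dst), p.dport, orig_dst=p.dst)

def verdict(p: Packet, rules: list[Rule], default: str = "REJECT") -> str:
    """Translate first, then return the action of the first matching filter rule."""
    translated = prerouting(p)
    return next((r.action for r in rules if r.matches(translated)), default)

LAN = "192.168.0.0/24"
# Reject rule written against the additional address: never matches after DNAT.
naive = [Rule("REJECT", LAN, dst="192.168.0.247", dport=80), Rule("ACCEPT", LAN)]
# Rules written against the translated address; orig_dst tells the two paths apart.
fixed = [Rule("REJECT", LAN, dst="192.168.2.247", dport=80),
         Rule("ACCEPT", LAN, dst="192.168.2.247", orig_dst="192.168.0.247"),
         Rule("REJECT", LAN, dst="192.168.2.247"),
         Rule("ACCEPT", LAN)]

via_alias_http = Packet("192.168.0.10", "192.168.0.247", 80)   # constructed samples
via_alias_smb = Packet("192.168.0.10", "192.168.0.247", 445)
direct_smb = Packet("192.168.0.10", "192.168.2.247", 445)
```

In plain iptables the pre-NAT destination can be matched with the conntrack match's `--ctorigdst` option; whether the appliance's rule editor exposes an equivalent is not something this model shows.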