This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ not working

please can someone point me in the right direction. I am trying to create a DMZ network, but im having some problems.

My astaro appliance has 3 network devices.

eth0 external network: external IP
eth1 internal network :192.168.1.254/24
eth2 dmz network: 192.168.2.254/24

I have 2 masquerading rules

internal network -> External (WAN)
DMZ network -> External WAN

I have a one machine connected to the dmz network with an ip 192.168.2.10. This machine can ping 192.168.2.254.

I have a packet filter rule for the dmz network

DMZ network -> all protocols -> any network (I will restrict this when I get it working)

Problem is I cant get the machine in the dmz to talk to the outside world. No DNS or http. I have enabled logging on the paket filter rule but I see no dropped or accepted packets for the dmz network.

IPS is disabled

Am I missing a step to get this working?

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

If you want to allow the DMZ to use the HTTP and DNS Proxies, then you need to add it to 'Allowed networks' for each one.

If you have pings allowed on the ICMP tab of Packet Filter, you should be able to ping external addresses by IP address even without DNS resolution - can you?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 16 years ago

If you want to allow the DMZ to use the HTTP and DNS Proxies, then you need to add it to 'Allowed networks' for each one.

If you have pings allowed on the ICMP tab of Packet Filter, you should be able to ping external addresses by IP address even without DNS resolution - can you?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data