Hello, all.
I am attempting to set up a simple firewall configuration that shields a web server behind an Astaro ASG v7 firewall, so that users can get to the server at a public address (let's say 129.155.0.35), which is natted to a private address (10.20.200.74 - fictitious, as well), using either http or https.
Simple so far, right?
The current configuration that I am struggling with has HTTP proxy enabled, has DNAT enabled (129.155.0.35 -> 10.20.200.74), has masquerading enabled (10.20.200.64/26 -> External Interface [to Internet]), and has two packet filter rules, one that says (IP) Any & (Port) HTTP -> 10.20.200.74, and the other that says (IP) Any & (Port) HTTPS -> 10.20.200.74.
I now have TCPDUMP running in a separate window for each interface on the firewall, so I can see all of the traffic for each interface separately.
When I attempt to open a web browser (from an entirely separate computer) with the target address of 129.155.0.35, in the TCPDUMP window representing the Internet interface I see the HTTP (or HTTPS) traffic arrive, and I see the DNAT step which converts the 129.155.0.35 address to the natted 10.20.200.74 address, in the same TCPDUMP window, but I never see any TCPDUMP activity on the other (DMZ) interface. I have even put up Wireshark on the 129.155.0.35 server, but I never see any activity on that screen either.
Based on the symptoms, I am convinced that I've got something hosed up at the firewall itself, but I'm not sure what. I'm guessing it could be a static route problem, but I don't know what are the essential characteristics of the necessary static routes that I would need to make this thing work.
By the way, these addresses are fictitious, but their address class and arithmetic significance is accurate.
So my question is, what would have to be in the static routes table to make this thing work correctly?
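As an added example (not from the original post or from Astaro), here is a small Python simulation of the route lookup the firewall performs on the destination after DNAT has rewritten it, using the post's fictitious addresses; the interface names eth0/eth1 and both routing tables are assumptions. It shows why a rewritten packet can be visible on the Internet interface yet never appear on the DMZ interface.

```python
# Added example, not the poster's or Astaro's code: after DNAT the firewall
# routes 10.20.200.74, not 129.155.0.35. If no route covers 10.20.200.64/26 on
# the DMZ interface, the longest-prefix match falls through to the default
# route and the packet never leaves on the DMZ side.
import ipaddress

# Constructed routing tables: (prefix, interface, next hop; None = connected).
# eth0 = Internet side, eth1 = DMZ side (assumed names).
ROUTES_MISSING_DMZ = [
    ("0.0.0.0/0", "eth0", "129.155.0.1"),   # assumed default gateway
    ("129.155.0.0/24", "eth0", None),       # connected: public subnet
]
ROUTES_WITH_DMZ = ROUTES_MISSING_DMZ + [
    ("10.20.200.64/26", "eth1", None),      # connected: DMZ subnet
]

# DNAT mapping from the post.
DNAT = {"129.155.0.35": "10.20.200.74"}


def lookup(routes, dst):
    """Longest-prefix match; returns (interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return None if best is None else (best[1], best[2])


def trace(routes, public_ip, dnat_map, dmz_iface):
    """Apply DNAT, route the rewritten destination, report the egress."""
    inner = dnat_map.get(public_ip, public_ip)
    egress = lookup(routes, inner)
    return {
        "dnat_to": inner,
        "egress": egress,
        "reaches_dmz": egress is not None and egress[0] == dmz_iface,
    }


if __name__ == "__main__":
    for name, table in (("missing DMZ route", ROUTES_MISSING_DMZ),
                        ("with DMZ route", ROUTES_WITH_DMZ)):
        print(name, trace(table, "129.155.0.35", DNAT, "eth1"))
```

On a Linux-based firewall the 10.20.200.64/26 connected route appears automatically once the DMZ interface itself carries an address in that subnet, so a static route is only needed when the server sits behind a further router on the DMZ side; if the simulation's first case matches what you see, check the DMZ interface's address and mask before adding routes.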