Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 4387 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Confused: Accessing Internal or DMZ Webserver from Internal network

Dwayne_01
I've created a Full NAT rule "similar" to the suggested rule below. Everything seems to work fine, but I believe I am getting spoofing notification in my packet filter from not setting it up 100% correctly. The only thing that confuses me is the "Source: ASG Internal" is this the ip of the Astaro Gateway internal address? If so it doesn't work for me. My rule (attached to this message) works but I get spoofed packets.

Thanks,
Dwayne

Name: Webserver Full NAT for internal redirect
Traffic Source: Internal(network)
Traffic Service: HTTP
Traffic Destination: External(Address)
NAT mode: Full NAT
Destination: Internal Server address
Destination: Service: leave blank
Source: ASG Internal(address)
Source Service: Leave blank
Automatic packet filter rule: Check


This thread was automatically locked due to age.
Parents
  • 0
    Hi, you don't need NAT to access DMZ from LAN, just packetfilter rules.

    Accessing LAN from LAN is more difficult; the best way to set it up is with internal DNS resolving to the server's internal IP.
    You can setup DNS entries on Astaro if you don't have an internal DNS server.

    Barry
  • 0 in reply to BarryG
    Hi, you don't need NAT to access DMZ from LAN, just packetfilter rules.

    Accessing LAN from LAN is more difficult; the best way to set it up is with internal DNS resolving to the server's internal IP.
    You can setup DNS entries on Astaro if you don't have an internal DNS server.

    Barry


    I agree, but with my current network setup I need to figure out the Astaro Full NAT way of doing this.

    Dwayne
Reply
  • 0 in reply to BarryG
    Hi, you don't need NAT to access DMZ from LAN, just packetfilter rules.

    Accessing LAN from LAN is more difficult; the best way to set it up is with internal DNS resolving to the server's internal IP.
    You can setup DNS entries on Astaro if you don't have an internal DNS server.

    Barry


    I agree, but with my current network setup I need to figure out the Astaro Full NAT way of doing this.

    Dwayne
Children
No Data