Hi there,
I've got a problem and don't know how to solve it - I've tried for the last 5 hours.
I have an ASGv8 (latest) with 2 physical NICs - External to my cable modem (DHCP) and one internal with 192.168.1.0/24.
I just set up a server for webserver usage with 192.168.2.2/24 as its IP and added an "additional address" under "Interfaces&Routing"->Interfaces->Additional Addresses->New with the name "DMZ" on interface "Internal" with IPv4 address 192.168.2.1 (255.255.255.0), as well as an IPv6 address, but that's not the point here.
Then I added a DNS reverse entry for that machine with the name dmzhost.dmz and its IPv4 and IPv6 addresses (name resolution works).
Then I added 2 Packet Filter rules: 1. Internal (DMZ)(v4/v6)->Any->External(v4) and Internal(DMZ)(v4/v6)->Any->IPv6 Broker(v6),
and a NAT entry for Internal(DMZ)->External,
but no NAT for IPv6 because it is not available/not needed.
I can ping www hosts from this DMZ machine and can connect from LAN->DMZ machine via SSH, but cannot HTTP/SSH from DMZ to external (the Packet Filter drops packets), though I can traceroute and ping to external.
Using the HTTP proxy in transparent mode for the DMZ works - but I won't use it.
Does anyone have an idea why those PF rules didn't work? For testing I set up a rule at position 1 in the PF list, which means any->any->any allow - this worked for dmz->external....
Thanks for any help!