
Local network unable to view DMZ webpages

Have local network 192.***.***.***, DMZ 10.***.***.***, Public 69.***.***.***, each on a unique interface on the Astaro V8. Have 2 webservers in the DMZ, DNAT public IP to DMZ IP allowing port 80 and port 443. The webpages on these servers render fine to anyone from outside our network but the pages will not render http or https from inside the local network. Other web requests to outside networks work just fine. Can ping the DMZ 10. from the Local 192. Tried IPs instead of names, both 443/80, neither worked. Any help appreciated... Thx, B


This thread was automatically locked due to age.
  • Hi Bob, thanks for the reply! We are using the Sophos Web Filtering Appliance and I turned off the static policy route pointing all web traffic there in the Astaro to take the web app out of the equation temporarily... (still seeing the same results bypassing the web filter and heading straight out/all outside sites render fine, can't see the ones in the DMZ locally).
    Here is the traffic from the firewall log file:

    2012:08 cc***-1 ulogd[6365]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="60021" initf="eth5" mark="0x3000000" srcmac="xx:xx:xx:b:ee:3" dstmac="xx:xx:xx:f0:88:85" srcip="192.168.***.***" dstip="64.220.***.***" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="50043" dstport="443" tcpflags="SYN" 
    2012:08:21-14:00:08 cc***-1 ulogd[6365]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth5" outitf="eth5" mark="0x3000000" srcmac="xx:xx:xx:b:ee:3" dstmac="xx:xx:xx:f0:88:85" srcip="192.168.***.***" dstip="10.1.***.***" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="50043" dstport="443" tcpflags="SYN" 
    2012:08:21-14:00:08 cc***-1 ulogd[6365]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="60021" initf="eth5" mark="0x3000000" srcmac="xx:xx:xx:b:ee:3" dstmac="xx:xx:xx:f0:88:85" srcip="192.168.***.***" dstip="64.220.***.***" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="50044" dstport="443" tcpflags="SYN" 
    2012:08:21-14:00:08 cc***-1 ulogd[6365]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth5" outitf="eth5" mark="0x3000000" srcmac="xx:xx:xx:b:ee:3" dstmac="xx:xx:xx:f0:88:85" srcip="192.168.***.***" dstip="10.1.***.***" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="50044" dstport="443" tcpflags="SYN" 


    Thanks,
    Bernie
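
As an added example (not part of the original post and not Astaro tooling): a small Python parser for packetfilter lines in the key="value" layout shown in the log above, pairing each "Packet logged" entry with the "Packet accepted" entry of the same flow to show the destination rewrite and the in/out interfaces. Pairing on source IP, source port, protocol and destination port is an assumption, and the sample lines are constructed.

```python
import re

# Constructed sample lines in the key="value" layout of the log pasted above;
# host name, addresses and the third flow are made-up placeholders.
SAMPLE = '''\
2012:08:21-14:00:08 fw-1 ulogd[6365]: id="2000" sub="packetfilter" name="Packet logged" action="log" fwrule="60021" initf="eth5" srcip="192.168.0.10" dstip="203.0.113.20" proto="6" ttl="128" srcport="50043" dstport="443" tcpflags="SYN"
2012:08:21-14:00:08 fw-1 ulogd[6365]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth5" outitf="eth5" srcip="192.168.0.10" dstip="10.1.0.20" proto="6" ttl="127" srcport="50043" dstport="443" tcpflags="SYN"
2012:08:21-14:00:09 fw-1 ulogd[6365]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth5" outitf="eth2" srcip="192.168.0.11" dstip="198.51.100.7" proto="6" ttl="127" srcport="50100" dstport="80" tcpflags="SYN"
'''

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(KV.findall(line))

def trace_flows(text):
    """Pair each "log" entry with the later "accept" entry of the same flow."""
    pending, flows = {}, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("sub") != "packetfilter":
            continue
        # Assumed flow key: fields that are identical in both entries of a flow.
        key = (rec.get("srcip"), rec.get("srcport"),
               rec.get("proto"), rec.get("dstport"))
        if rec.get("action") == "log":
            pending[key] = rec
        elif rec.get("action") == "accept":
            pre = pending.pop(key, None)
            inif, outif = rec.get("initf"), rec.get("outitf")
            flows.append({
                "src": f'{rec.get("srcip")}:{rec.get("srcport")}',
                "orig_dst": pre.get("dstip") if pre else None,
                "final_dst": rec.get("dstip"),
                # Destination changed between the two entries: DNAT applied.
                "dnat": bool(pre) and pre.get("dstip") != rec.get("dstip"),
                "in": inif, "out": outif,
                # Packet leaves on the interface it arrived on.
                "same_interface": outif is not None and inif == outif,
            })
    return flows

if __name__ == "__main__":
    for flow in trace_flows(SAMPLE):
        print(flow)
```

In the pasted log the accepted entries show both initf and outitf as eth5; that pair of fields is what to compare against the interface the DMZ is attached to.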