I am running UTM version 9.311-3 and today decided to set up a web server in a DMZ. I had 3 spare NICs in the UTM, so I set up one of them as a DMZ interface. Here is what I have so far:
eth0 - external
eth1 - DMZ (10.0.0.0)
eth2 - internal (192.168.2.0)
I have DHCP for the internal network with ..2.10 to 2.30. All devices use STATIC reserved DHCP addresses from ..2.100 to ...2.250.
I set up DHCP for the DMZ with a range of 10.0.0.10 to 10.0.0.20. The web server uses a reserved IP of 10.0.0.21.
I set up Webserver Protection by creating the real webserver and the virtual one, and all is working fine; I am able to access the web page from an external site. At the same time I cannot access any of my internal devices from the DMZ, so far so good. My problem is that I cannot get outside from the DMZ, e.g. to get server updates.
I have done the following:
1. Created a Masquerading rule that says DMZ network - external interface.
2. Set up a FW rule that says DMZ network - any - external (address) - allow
3. Created a FW rule that says Internal Network - any - DMZ network - allow. This is working fine and I'm able to ping and ssh to the web server from the internal network.
Trying to ping an external site or running sudo apt-get update from the web server in the DMZ goes nowhere. I also tried to add a FW rule that says DMZ network - any - Internal Network - allow [this is just to test the rule (yes, I put it on top), but no matter what I enforce I cannot ping or access any internal devices from the DMZ].
Am I missing anything?
Additional questions:
1. Does the webserver protection interfere with the DMZ setup?
2. Should the DMZ network be included in the local networks for IPS?
3. Can I include the DMZ network under allowed networks under DNS global settings?
Thanks,