Help with rules from DMZ to Internet with limited LAN access
-
Hello everyone!
I have a computer (anti-spam) on my DMZ, exposed to the internet with a NAT on one of my WANs.
I have a working rule that allows you to communicate with two IP addresses on my LAN and nothing else. So far, so good.
Now, I need that computer to be able to connect to the Internet, but not to the rest of my LAN.
If I set up a DMZ to any rule it connects to the internet but also to the entire LAN.
How and where do you recommend that I set up the rules to communicate to the Internet and only to the IP addresses of my LAN that I tell you?
Thank you very much for any hint!
Warm greetings,
Gabriel
-
Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?
-
Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?
^^ this
Check out the attached screenshot, replace TEST net with DMZ net, g_ip_local contains my local IP addresses.
-
Add a rule that denies access to the LAN from this machine, and have it processed before the allow all rule?
^^ this
Check out the attached screenshot, replace TEST net with DMZ net, g_ip_local contains my local IP addresses.
Thank you very much for the tip! I'm gonna try it and then come back and tell you how it went.
Best regards!
-
I might add that a nice approach is to generate an alias with the whole RFC1918 networks and explicitly block connections from DMZ to this alias before the allow to internet rule
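As an added example that is not from this thread, a small first-match rule evaluator with constructed alias addresses (DMZ_net, g_ip_local, RFC1918 are placeholder values here) shows the ordering point the replies make: the block to the RFC1918 alias has to sit above the allow-to-any rule, otherwise it is never consulted.

```python
import ipaddress

# Alias names and addresses are constructed for this example.
ALIASES = {
    "DMZ_net": ["192.168.50.0/24"],
    "g_ip_local": ["192.168.1.10/32", "192.168.1.25/32"],  # the two permitted LAN hosts
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "any": ["0.0.0.0/0"],
}

def in_alias(alias, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[alias])

def evaluate(rules, src_ip, dst_ip, default="block"):
    """First matching rule wins, as on an interface tab; no match falls to the default."""
    for action, src, dst in rules:
        if in_alias(src, src_ip) and in_alias(dst, dst_ip):
            return action
    return default

# Ruleset the thread arrives at: permit the two LAN hosts, block the rest of
# private address space, then permit everything else (the Internet).
GOOD = [
    ("pass", "DMZ_net", "g_ip_local"),
    ("block", "DMZ_net", "RFC1918"),
    ("pass", "DMZ_net", "any"),
]

# The original poster's situation: "DMZ to any" with no block above it also
# reaches the whole LAN; a block placed below it is never consulted.
BAD = [
    ("pass", "DMZ_net", "g_ip_local"),
    ("pass", "DMZ_net", "any"),
    ("block", "DMZ_net", "RFC1918"),
]

def check(rules, dmz_host="192.168.50.5"):
    """Decision for one DMZ host against a permitted LAN host, another LAN host, and an Internet address."""
    return {
        "permitted_lan_host": evaluate(rules, dmz_host, "192.168.1.10"),
        "other_lan_host": evaluate(rules, dmz_host, "192.168.1.99"),
        "internet": evaluate(rules, dmz_host, "203.0.113.7"),
    }

print("ordered correctly:", check(GOOD))
print("allow-any first:", check(BAD))
```

The evaluator only models destination-address matching on one interface; it ignores protocol, port, state and any floating rules, which is enough to show the ordering problem but not a substitute for checking the real rule table.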