Installed DMZ - error on my config
-
Have a basic setup with 3 interfaces:
WAN 173.99.999.100/29,
LAN 192.168.0.1/24, and
OPT1 192.168.1.1/24 (DMZ web server). Virtual IP created as proxy ARP: 173.99.999.102/32 on WAN interface (public static IP).
I'm just trying to set up HTTP/S access to the DMZ, but am still unable to access it from outside my LAN.
Rules / NAT created are shown in screenshots.
Side note:
I don't have any rules under my DMZ currently. All the rules shown are on the WAN interface only, other than the automatic rule for WAN access for the LAN subnet. Not sure if the rules I created should be on the DMZ interface as opposed to WAN. What am I missing? I am still unable to access the HTTP site from outside my LAN... PLUS I also cannot SSH into my DMZ box from within my LAN.
Thanks.
-
Few things to try or fix:
Turn on logging in the firewall rule and see if anything is generated in the log when you try to connect from the outside.
On that outbound NAT rule, change the destination to any; the rules are only for outbound traffic, and destination literally means the destination address of an outgoing connection. Keep the interface on that rule as WAN because that's the interface your outgoing traffic will be leaving.
Allow everything on DMZ interface for now, tighten the rules later when everything is working.
You probably want only ports 80 and 443 forwarded, not the whole range 80-443.
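Added example, not part of the original posts: a small Python check of why the last tip matters, comparing the ports a set of forwards actually exposes with the ports intended. The rule dictionaries and field names (`descr`, `dst_ports`) and the short service table are constructed for illustration and are not the firewall's own config format.

```python
# Constructed subset of well-known TCP services that fall between 80 and 443.
WELL_KNOWN = {88: "kerberos", 110: "pop3", 111: "rpcbind", 135: "msrpc",
              139: "netbios-ssn", 143: "imap", 389: "ldap"}

def parse_ports(spec):
    """Expand '80', '80-443' or '80,443' into a set of port numbers."""
    ports = set()
    for part in str(spec).split(","):
        lo, _, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit_forwards(rules, intended):
    """Compare the union of forwarded ports with the ports meant to be public."""
    intended = set(intended)
    exposed, offenders = set(), []
    for rule in rules:
        ports = parse_ports(rule["dst_ports"])
        exposed |= ports
        if ports - intended:          # this rule opens something not asked for
            offenders.append(rule["descr"])
    extra = exposed - intended
    return {
        "exposed_count": len(exposed),
        "unintended_count": len(extra),
        "unintended_named": {p: WELL_KNOWN[p] for p in sorted(extra) if p in WELL_KNOWN},
        "missing": sorted(intended - exposed),
        "offending_rules": offenders,
        "ok": not extra and intended <= exposed,
    }

# Constructed sample rules: the range forward from the thread, then the fix.
BEFORE = [{"descr": "web forward (range)", "dst_ports": "80-443"}]
AFTER = [{"descr": "http", "dst_ports": "80"},
         {"descr": "https", "dst_ports": "443"}]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_forwards(rules, intended={80, 443}))
```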
-
Roger that. Thanks for the tip. Already changed that 80-443 mishap on my end... will report back shortly. Appreciate the help.
-
Bravo. That did it... Working now. Now, as you said, just need to tighten it up a bit. Thank you for your assistance.