Hi,
I have one single server on the DMZ interface. I want to get some ports (e.g. 80, 443) forwarded to it.
So, I created a NAT port forwarding rule:
Interface: WAN
Target: WAN Address
Target Ports : 80,443
Redirect Target IP: [IP of my Webserver]
Redirect Target Ports: 80,443
This created an automated rule on WAN:
Source: any
Source port: any
Target: [IP of my Webserver]
Target Ports: 80,443
As this "Server" is in the DMZ, I created a rule on the DMZ network to allow access to my webserver.
Question: Is the rule on the DMZ interface really needed? On the WAN interface, traffic for the ports for my webserver is allowed.
In iptables (yes, I know...) I would also have to set an allow rule for that interface.
Thx,
Roger
Quote: As this "Server" is in the DMZ, I created a rule on the DMZ network to allow access to my webserver.
Or you can use NAT reflection if you need to access this webserver also from LAN.
Quote: Question: Is the rule on the DMZ interface really needed? On the WAN interface, traffic for the ports for my webserver is allowed.
Only if you need http(s) access to the server from LAN too, and you don't use NAT reflection (see above).
It might help you if you imagine yourself as a policeman standing in the middle of an intersection:
Policeman - the router making routing decisions
Junction/Intersection - The router equipment, as a whole.
Roads - NICs (Network Interface Cards)/ Connections themselves.
Cars - Data Packets
Make each rule following the "from where - getting in by which road - getting out by which road - to where" way of thinking, and most of the time you would have no problems in setting up your router.
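Added example, not part of any post in this thread: a minimal Python model of the "getting in by which road" way of thinking for the port forward described above. It assumes a stateful firewall that applies rules on the interface a packet enters by and rewrites the destination before filtering (an assumption; the thread does not name the product), and all addresses and names are constructed.

```python
# Minimal model (assumption: stateful, filters on the inbound interface).
from dataclasses import dataclass

WEB = "192.0.2.10"       # constructed DMZ web server address
WAN_IP = "203.0.113.1"   # constructed WAN address
CLIENT = "198.51.100.7"  # constructed Internet client

@dataclass(frozen=True)
class Packet:
    in_if: str   # the "road" the packet arrives on
    src: str
    dst: str
    dport: int
    sport: int = 40000

# NAT port forward on WAN: WAN address, ports 80/443 -> web server.
FORWARDS = {("wan", WAN_IP, 80): WEB, ("wan", WAN_IP, 443): WEB}
# Pass rules keyed by inbound interface; only the auto-created WAN rule exists.
RULES = {"wan": [(WEB, {80, 443})], "dmz": []}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, sport, dst, dport) of accepted connections

    def handle(self, p):
        # 1. Reply belonging to a tracked connection: no rule lookup needed.
        if (p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass (state)"
        # 2. Destination rewrite first, so the rule sees the server IP.
        dst = FORWARDS.get((p.in_if, p.dst, p.dport), p.dst)
        # 3. Only the rules of the interface the packet came in on are checked.
        for rule_dst, ports in self.rules.get(p.in_if, []):
            if dst == rule_dst and p.dport in ports:
                self.states.add((p.src, p.sport, dst, p.dport))
                return f"pass (rule on {p.in_if}) -> {dst}"
        return "block (default deny)"

def demo():
    fw = Firewall(RULES)
    return [
        fw.handle(Packet("wan", CLIENT, WAN_IP, 443)),            # forwarded request
        fw.handle(Packet("dmz", WEB, CLIENT, 40000, sport=443)),  # server's reply
        fw.handle(Packet("dmz", WEB, "198.51.100.99", 25, sport=50000)),  # server-initiated
        fw.handle(Packet("wan", CLIENT, WAN_IP, 22)),             # port not forwarded
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

In this model the server's reply passes on the DMZ interface because of the tracked connection, while traffic the server starts itself is decided by the DMZ rule list.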
Hi Hitiucip,
Thanks for both explanations, now that's quite clear! The policeman in my case is the dmz-interface, which stops or allows the traffic to that "Zone".
Roger
You are the policeman! ALWAYS!(!) :)
The so-called "dmz-interface" is a road, one of the many you have getting into your intersection (meaning, "router"). ;)
Thanks a lot :)