Help getting DMZ+reverse-proxy working
Hi,

I have the following setup:

LAN: 192.168.0.0/24
DMZ: 10.0.0.0/24
Internet: some DSL-connection, real IP.

Looks like this:

        internal (192.168.0.0/24)
                  ^
                  |
                  |
<----Internet----|FW|-->DMZ----10.0.0.0/24

I want to be able to access the webserver in the DMZ via port 443 (which works) and then reverse-proxy these requests to some internal IP on 192.168.0.0/24. That doesn't work.

Here's what I have so far:

FW_QUICKMODE="no"
FW_DEV_EXT="eth-id-00:01:03:4c:cd:c0"
FW_DEV_INT="eth-id-00:a0:24:a8:fb:a4"
FW_DEV_DMZ="eth-id-00:04:76:13:6d:e5"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,10.0.0.x,tcp,443 10.0.0.x,192.168.0.y,tcp,80"
FW_REDIRECT=""

Any ideas how to do that? Or do I need a real IP also in the DMZ?

cheers,
Rainer

--
===================================================
~ Rainer Duffner - rainer@ultra-secure.de         ~
~ Freising - Munich - Germany                     ~
~ Unix - Linux - BSD - OpenSource - Security      ~
~ http://www.ultra-secure.de/~rainer/pubkey.pgp   ~
===================================================

participants (2): Dirk Schreiner, Rainer Duffner