Topic: dmz strange behaviour  (Read 1597 times)
« on: January 05, 2011, 19:10:06 »
turbo *
Posts: 7

Hi all,

I have set up a DMZ for the first time, and the web services (http, dns, mail) are working from outside and inside the LAN. As I am running my DNS from the DMZ host, this DNS is used for resolving the services from the LAN side. I have a firewall rule in place to allow traffic from LAN to DMZ.

My setup:
monowall (1.3b14)  3 nics
LAN ips: 192.168.100.*
monowall 192.168.100.50
OPT1 nic 192.168.200.1

DMZ host ip config:
ip 192.168.200.10
gateway 192.168.200.1


My problem:
DMZ host is running webserver on 192.168.200.10
Opening a browser to the IP address of the DMZ host, 192.168.200.10, results in connecting to the monowall webgui, which is set to 192.168.100.50 as described above.

Why am I not able to connect to my webserver's address?
Or the other way around: why am I connected to monowall's webgui?

Am I expecting something which is not possible, or where am I messing up the settings?

Any hints and help are very much appreciated.
Johannes



 
« Reply #1 on: January 05, 2011, 21:15:55 »
brushedmoss ****
Posts: 446

Monowall's webgui will be accessible on the opt and lan interface IP addresses, i.e. 192.168.200.1

There is no reason that .10 would bring up the webgui unless there is a typo somewhere, or you have something odd with NAT, or the .10 host is serving up the webgui as a proxy?

« Reply #2 on: January 06, 2011, 00:08:44 »
turbo *
Posts: 7

Thank you for your quick answer. Meanwhile I got it working, so that the DMZ host brings up the NAT services.

The DNS IP for the DMZ client (interface properties) was set to the IP of the DNS server running on the DMZ client.
Even though the NAT services running on this very DMZ client were set correctly in the DNS software, it was still failing. Calling one of the NAT services (website) from the DMZ client resulted in the monowall GUI being presented.

Setting the DNS IP to the OPT1 IP (interface properties), enabling the monowall forwarder, setting the ISP's DNS server (!!) in "General setup > DNS" and placing the NAT services' IP in monowall did the trick.
This will NOT work when the DNS server running in the DMZ is set in "General setup > DNS".

Johannes




 