Stupid DMZ Networking Question

metallica1973 · 09-13-2007, 01:16 PM

If I have allowed only certain traffic (IPTABLES) into my DMZ then just those ports should be able to access that specific service on the forwarded device on the DMZ. Ex. TCP 80 VOIP web server on my DMZ. So my question is:

If I am outside my network and lets say I wanted to access port 80 on my DMZ from that outside how does one do that: EX. external_IP:80

I am confused?

andrewdodsworth · 09-13-2007, 03:44 PM

Apart from opening ports to the DMZ and allowing traffic in (and replies back out) you will also have to do DNAT so that any source IP with address of your external IP port 80 gets altered to destination your DMZ server IP port 80.

metallica1973 · 09-13-2007, 08:19 PM

adding a prerouting statement with DNAT would do that but what I mean is, lets say that everything is ok on the firewall/router then how would I access that service externally?

andrewdodsworth · 09-14-2007, 11:51 AM

I don't think I understand your problem as I just thought you wanted to route something from external IP to DMZ machine. For example if your external IP is 212.23.100.100 and you have DNAT rule to change that to your DMZ machine which is 10.0.0.100, then from the outside you point your application at 212.23.100.100. Is it something else?

metallica1973 · 09-14-2007, 01:08 PM

I had a major brain fart. I just realized how stupid of a question is was that I really ask. Many thanks