With the following filter rules, I can access my DMZ from the outside. But when I try to access the DMZ from the internal private network I get a connection refused message. (This is only when I use the outside IP; using the internal IP works.) Also, the IP for the internal private net is not the same as the IP I'm using with binat for the DMZ side.
diagram:
Code:
                      internet
                         |
                         |
firewall ( openbsd ) ------ DMZ ( where server is )
                         |
                         |
                Local Network ( me )
Any ideas?
Code:
# nat / binat
# binat maps each DMZ host to its own public address, bidirectionally, on the external interface only
binat on $ext_if from $mailserver_int to any -> $mailserver_ext
binat on $ext_if from $webserver_int to any -> $webserver_ext
# ordinary outbound NAT for the internal network
nat on $ext_if from $int_net to any -> $ext_if
# rdr
# FTP from the internal network is handed to ftp-proxy listening on 127.0.0.1:8021
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
# inbound SMTP and HTTP on the firewall's own external address go to the DMZ hosts
rdr on $ext_if proto tcp from any to $ext_if port 25 -> $mailserver_int port 25
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $webserver_int port 80
# default block
block in log all
block out log all
# inbound external if (filter rules see the already-translated destination, i.e. the DMZ address)
pass in on $ext_if proto tcp from any to $webserver_int port { 25, 80 } flags S/SA keep state
# outbound external if
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
# outbound dmz_if
pass out on $dmz_if proto tcp from any to any port { 25, 80 } flags S/SA keep state
# inbound internal_if
pass in on $int_if from $int_if:network to any keep state
EDIT: SOLVED!! had to add a rdr on the internal interface
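For readers hitting the same symptom, here is what the fix looks like written out. This is an added example, not the poster's ruleset: it uses the same macro names as the post but every address and interface name is a constructed placeholder, and it is in the pre-4.7 OpenBSD pf syntax (rdr/nat/binat) that the post uses. It goes one step beyond the post by adding the internal-interface rdr for both DMZ services, not just one.

```pf
# Added example (not the original poster's configuration). All macro values are
# constructed placeholders from RFC 1918 and documentation address ranges.
ext_if = "fxp0"
int_if = "fxp1"
dmz_if = "fxp2"
int_net = "192.168.1.0/24"
webserver_int  = "10.0.0.80"       # DMZ address of the web server
webserver_ext  = "203.0.113.80"    # public address binat maps it to
mailserver_int = "10.0.0.25"
mailserver_ext = "203.0.113.25"

# Translations as in the post: binat and nat are bound to the external interface only.
binat on $ext_if from $mailserver_int to any -> $mailserver_ext
binat on $ext_if from $webserver_int to any -> $webserver_ext
nat on $ext_if from $int_net to any -> $ext_if

# The missing piece: rdr on the internal interface. Without these rules a packet
# from $int_net to $webserver_ext arrives on $int_if, matches no translation rule
# (all of them are on $ext_if), and is delivered to the firewall itself, which owns
# the public address; nothing listens there, hence "connection refused". The same
# applies to the mail server's public address.
rdr on $int_if proto tcp from $int_net to $webserver_ext  port 80 -> $webserver_int port 80
rdr on $int_if proto tcp from $int_net to $mailserver_ext port 25 -> $mailserver_int port 25

# After translation the destination is the DMZ address, so the poster's existing
# filter rules already admit the connection: in on $int_if, out on $dmz_if.
# No additional pass rule is required.
block in log all
block out log all
pass in on $int_if from $int_if:network to any keep state
pass out on $dmz_if proto tcp from any to any port { 25, 80 } flags S/SA keep state

# OpenBSD 4.7 and later removed the rdr directive; the equivalent rule there is
# written with match/rdr-to, e.g.:
#   match in on $int_if proto tcp from $int_net to $webserver_ext port 80 rdr-to $webserver_int
```

Check the syntax before loading it with `pfctl -nf /etc/pf.conf`, and confirm the translation is actually being applied with `pfctl -s state` while an internal client connects to the public address: the state entry should show the public address rewritten to the DMZ address. The rdr on the internal interface is one of the two standard fixes for this; the other is split-horizon DNS, so that internal clients resolve the server's name to its DMZ address and never send traffic to the public address at all.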