DMZ connection problem

Hi all,
I have a webserver with an FQDN in the orange DMZ zone.
From the internet, using the FQDN (CNAME -> DynDNS, ports 80 and 443), I can reach the webserver perfectly, but if I try to connect to the webserver with the FQDN from the green LAN zone, it doesn't respond.
Do I need to configure something extra? Does someone have some hints for me?
Thank you.

Greetings

Good morning @aveek

Maybe this helps you:

https://wiki.ipfire.org/configuration/firewall/rules/dmz-holes

Regards.


I think I found my configuration error.
My rule to the DMZ Orange IP 192.168.192.10, port 80, was only from RED; I changed it to ANY, and now it is working (see below).
I can connect from Green and Blue. But can someone tell me whether this is the right way to configure it?
Thanks a lot.

Greetings

Hi again @aveek

With that rule you have published that object to the Internet, and anyone who finds your public IP can try to access that private IP.

A rule that you should always try to apply to Computer Security is to reduce the “Attack Surface” as much as possible.

If IP 192.168.192.10 is a private resource that should only be accessed from Blue and Green, the rule is too permissive.

I prefer to work with objects rather than with IPs. Let me explain:

First, you need to see more settings in the Firewall. To do this, you must go to “Firewall -> Firewall options” and check this box.

You will see that more configuration options appear.

Second, to create the Objects you must go to “Firewall -> Firewall groups”.

In “Hosts”, create an object called “Server” with the IP “192.168.192.10”.

In “Networks / Hosts groups” you must create an object that has both Blue and Green.

And in “Firewall rules” create the correct rule.

In this case, being internal networks that IPFire knows, I do not think it is necessary to activate “NAT”.

Try it and tell us.

Greetings.
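The point of the thread, as an added illustration that is not part of the posts and not IPFire's own rule engine: a small Python model of the two rules, the source ANY rule the original poster ended up with and the tightened rule using a Green+Blue network group, evaluated against constructed sample sources. Only the server IP 192.168.192.10 comes from the thread; the Green, Blue and Orange ranges and the client addresses are assumed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone networks for this example. Only 192.168.192.10 (ORANGE)
# comes from the thread; the GREEN and BLUE ranges are assumptions.
ZONES = {
    "GREEN": ipaddress.ip_network("10.0.0.0/24"),
    "BLUE": ipaddress.ip_network("10.0.1.0/24"),
    "ORANGE": ipaddress.ip_network("192.168.192.0/24"),
}
SERVER = ipaddress.ip_address("192.168.192.10")  # the "Server" host object


@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset  # zone names; the special value "ANY" matches everything
    dst: ipaddress.IPv4Address
    ports: frozenset

    def matches(self, src_ip, dst_ip, port):
        """Would this rule accept a new connection from src_ip to dst_ip:port?"""
        if dst_ip != self.dst or port not in self.ports:
            return False
        if "ANY" in self.sources:
            return True
        src = ipaddress.ip_address(src_ip)
        return any(src in ZONES[zone] for zone in self.sources)


# The rule the original poster ended up with: source ANY (reachable from RED too).
PERMISSIVE = Rule("dmz-hole-any", frozenset({"ANY"}), SERVER, frozenset({80, 443}))
# The rule suggested in the reply: a "Networks / Hosts group" holding GREEN and BLUE.
RESTRICTED = Rule("dmz-hole-internal", frozenset({"GREEN", "BLUE"}), SERVER,
                  frozenset({80, 443}))


def allowed(rule, src_ip, port, dst_ip=SERVER):
    """True if the rule accepts a connection to dst_ip:port from src_ip."""
    return rule.matches(src_ip, ipaddress.ip_address(dst_ip), port)


def exposure_report(rule, samples):
    """Map each labelled sample source to the rule's accept/deny decision."""
    return {label: allowed(rule, ip, 80) for label, ip in samples.items()}


SAMPLES = {  # constructed sample sources, one per zone of interest
    "green-client": "10.0.0.25",
    "blue-client": "10.0.1.7",
    "internet-host": "203.0.113.5",  # RFC 5737 documentation address, i.e. RED side
}
```

Running `exposure_report` on both rules shows that only the restricted rule denies the internet-side source while still admitting Green and Blue clients.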