DMZ connection problem

Hi together,
i have a webserver with fqdn in orange DMZ zone.
From the internet with fqdn(cname -> dyndns, port80,443) i can reach the webserver perfectly, but if i try to connect the webserver with the fqdn from the green LAN zone, he doesn’t respond.
Do i need to configure something extra? Do someone have some hints for me?
Thank you.


Good morning @aveek

May be this help you:


1 Like

I think, i find my configuration error.
My rule to DMZ Orange IP Port 80 was only from RED, i changed it to ANY, now it is working. (see down)
I can connect from Green and Blue. But can someone tell me, that this is the right way to configure it?
Thanks a lot.


Hi again @aveek

With that rule you have published that object to the Internet and anyone who finds your Public IP, can try to access that Private IP.

A rule that you should always try to apply to Computer Security is to reduce the “Attack Surface” as much as possible.

If IP is a private resource that should only be accessed from Blue and Green, the rule is too permissive.

I like to play more than with IPs, with objects. I explain:

First, it is to see more settings in the Firewall. To do this, you must go to “Firewall -> Firewall options” and check this box.

You will see that more configuration options are seen.

Second. To create the Objects you must go to “Firewall -> Firewall groups”.

In “Hosts” create an object called “Server” with the IP “”

In “Networks / Hosts groups” you must create an object that has both Blue and Green.

And in “Firewall rules” create the correct rule.

In this case, being internal networks that IPFire knows, I do not think it is necessary to activate “NAT”.

Try it and tell us.