DMZ servers not talking to each other

Hello all

My IPFire box is set up with GREEN, ORANGE & RED networks.
I have a block of 5 WAN IPs and a number of servers/services running in the ORANGE network.

Everything is seemingly working great in terms of GREEN access to ORANGE and RED access to ORANGE for services running on said servers, with multiple NAT rules set up to allow access from RED on specific WAN IPs/ports from my block of 5…

My issue is that I am struggling to get two of these servers to talk to each other on the ORANGE network via their WAN IPs.

There are two servers in question, both running NethServer 8, and I am trying to cluster them together, but when I try I get an error stating that the process has timed out trying to connect via HTTPS on its FQDN.

Both servers can ping each other locally via internal IP, but they're trying to connect to each other via their WAN IPs. This is shown by the error message stating the FQDN when trying to cluster, and also when trying to ping each other by name from the terminal, as this returns each server's respective WAN IP but with no response to the ping.

Both of these servers have working NAT rules to allow HTTP and HTTPS traffic from RED, and each is assigned an IP from the block of 5.

I have tried adding a couple of rules to see if I could get them talking, but so far I have failed and I'm no expert. So if anyone has any suggestions it would be most appreciated.

I don't think that editing their hosts files to point to each other's local address is the way to go, as both systems have Let's Encrypt certs via their WAN address, but I am open to advice.

I hope I have provided enough information, but please say if I've left out crucial info. Screenshot provided so you can see how I've set up the NAT rules, in case that's my issue. Servers halo and nebula are the ones in question.

Thanks in Advance

D

But that is the proper solution: put the FQDN with the local IP in the hosts file of bind9 (Hosts page in IPFire) and in /etc/hosts on the machines.
I recommend also adding the www. prefix entry too, so that your hostedsite.com and www.hostedsite.com both resolve to the ORANGE IP address.

In regards to the firewall, it's just used to set up forwarding and to block ports you want to restrict from the public.
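The reply above recommends a split-DNS setup: the public hostnames (and their www. variants) must resolve to the ORANGE address from inside the DMZ, while the public DNS keeps the WAN address. The following is an added example, not code from any participant in this thread, that checks a hosts file for exactly that: every expected name must be present and must map into the ORANGE subnet. The hostnames `halo.example.com` / `nebula.example.com`, the addresses and the subnet `192.168.2.0/24` are assumptions for illustration, not the poster's real values.

```python
"""Verify that a split-DNS hosts file sends public hostnames to ORANGE (DMZ) addresses.

Added example; hostnames, addresses and subnet below are assumptions, not real values.
"""
import ipaddress

# Constructed sample hosts file. One server is done correctly (bare name and www.),
# the other still points at its public WAN address and lacks the www. entry.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
# ORANGE (DMZ) address, bare name plus www. variant as recommended
192.168.2.10  halo.example.com www.halo.example.com
# Stale entry: still the public WAN address, so traffic would try to hairpin via RED
203.0.113.20  nebula.example.com
"""


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments and blank lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip          # hostnames are case-insensitive
    return mapping


def check_split_dns(hosts_text, fqdns, orange_net):
    """For each FQDN and its www. variant, report one of:
    'ok'             -> resolves to an address inside orange_net
    'outside-orange' -> present, but the address is not in orange_net (e.g. a WAN IP)
    'missing'        -> no hosts entry at all
    """
    net = ipaddress.ip_network(orange_net)
    mapping = parse_hosts(hosts_text)
    report = {}
    for fqdn in fqdns:
        for name in (fqdn, "www." + fqdn):
            ip = mapping.get(name.lower())
            if ip is None:
                report[name] = "missing"
            elif ipaddress.ip_address(ip) in net:
                report[name] = "ok"
            else:
                report[name] = "outside-orange"
    return report


if __name__ == "__main__":
    # Assumed ORANGE subnet and the two server names from the thread (FQDNs assumed).
    result = check_split_dns(
        SAMPLE_HOSTS, ["halo.example.com", "nebula.example.com"], "192.168.2.0/24"
    )
    for name, status in result.items():
        print(f"{name:28s} {status}")
```

Run against a real /etc/hosts (`check_split_dns(open("/etc/hosts").read(), [...], "<orange-subnet>")`), anything other than `ok` is an entry that still sends the cluster traffic out through the WAN address. The same check applies to the Hosts page export on IPFire if the DMZ servers do use it as their resolver.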

Thank you for your answer.

If the consensus is that I should in fact edit the hosts files on these servers, then I shall give it a go.

As for adding the info to the Hosts section of IPFire, I have done so, but without the www. prefix. I shall go through and add these.

Of course, servers in the DMZ don't use IPFire as DNS.

Thanks again for your time

IPFire DNS resolves the endpoints for any network to servers. The only time you have to use the DNS of IPFire exclusively is if you were hosting multiple web sites on one public IP address, which would normally be Nginx web hosting with all sites on the same server.