Channel: Sophos User Bulletin Board

DMZ Issues

So I've set up a DMZ on my Astaro and home network.

My Astaro is running on VMware ESXi 4.1 with a Virtual VLAN set up on the virtual switch for it, and the DMZ devices exist on both the physical and virtual networks. Overall my DMZ functions just fine. I have rules set up to allow very specific traffic access from my DMZ to the internal network, i.e. HTTP traffic mainly, since my proxy webserver sits in my DMZ. But anywho, let's talk about the 2 problems that I have, and they're so odd.

1. I have a winders box sitting in the DMZ and I want to be able to RDP from external to it. I have a NAT rule set up to allow me to RDP to it, but for whatever reason in the logs it keeps getting the default drop. The RDP is on a different port than 3389, but my NAT rule is set up to tunnel the traffic from the external RDP port over to the standard RDP port for the server. In the firewall log I can see the request come in for the external port, but then immediately following it is a request coming in from the external to the standard port. My other Windows box, which is currently on the internal network (soon to move to the DMZ once I figure this out), has the same type of NAT rule and it works just fine.

2. The other problem I have is that for whatever reason the winders server in the DMZ cannot access external HTTPS content. I have a masquerading rule set up for it and it can access HTTP traffic all it wants, but as soon as it tries to go somewhere that is secure, Astaro just won't let it go. I do have the appropriate firewall rules set up to allow DMZ Network access to external for HTTP and HTTPS, but it appears as though my rule is not being acknowledged. I'm sure that I just have some check box or something simple missing.

Thank you all in advance for your help with this.
