27th September 2013
J65nko
Administrator
 

When a DMZ configuration does not work, it usually is the routing. The server in the DMZ needs to have the default route set to the DMZ NIC of the firewall. Of course the NAT needs to handle both the external IP <--> DMZ and internal LAN <--> DMZ traffic.
What is the output of # netstat -rn -f inet?

If a client on the LAN tries to connect to the DMZ server, does tcpdump on the server show these incoming requests? Do you see the server sending reply packets?

BTW, in these cases a network diagram is always helpful.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
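An added example, not part of the original post: a small shell check that reads `netstat -rn -f inet` output and reports whether the default route points at the firewall's DMZ NIC. The address 192.168.2.1, the interface name and the sample routing table are constructed for illustration.

```shell
#!/bin/sh
# check_default_route EXPECTED_GW
# Reads `netstat -rn -f inet` output on stdin and prints a verdict.
# Exit status: 0 = default route is EXPECTED_GW
#              1 = a default route exists but points elsewhere
#              2 = no default route at all
check_default_route() {
    awk -v want="$1" '
        # Route lines start with the destination; the gateway is field 2.
        $1 == "default" { n++; gw = $2; if ($2 == want) ok = 1 }
        END {
            if (n == 0) { print "no default route"; exit 2 }
            if (ok)     { print "default via " want " (ok)"; exit 0 }
            print "default via " gw ", expected " want
            exit 1
        }'
}

# Constructed sample of OpenBSD-style output from a DMZ server whose
# firewall DMZ NIC is assumed to be 192.168.2.1.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.2.1        UGS        4     1234     -     8 em0
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
127.0.0.1          127.0.0.1          UHl        1       10 32768     1 lo0
192.168.2/24       link#1             UC         1        0     -     4 em0'

# Demo on the sample. On the real DMZ server, pipe the live table instead:
#   netstat -rn -f inet | check_default_route <firewall DMZ NIC address>
printf '%s\n' "$SAMPLE_ROUTES" | check_default_route 192.168.2.1
```

A non-zero result means reply packets from the DMZ server will not go back through the firewall, which is the routing fault the post describes.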