[Firewall] Port forwarding natted DMZ to natted LAN
khenderick at plesetsk.be
Sun Oct 11 17:11:30 CEST 2015
I have issues getting devices in my DMZ to reach a certain service on a
device inside my LAN.
* DMZ: 192.168.17.0/24
** For devices I don't trust (TV, guest wifi, ...)
* LANs: 192.168.(25,33,34,35,41).0/24
* My firewall/router is configured to NAT between public internet and DMZ
and the 192.168.25.0/24 LAN. Between the LANs themselves, routing is provided
by my layer 3 switch
* Until now, devices in the DMZ and LANs cannot access each other (which
generally speaking is good)
What I want to achieve: I want one device on the DMZ to reach a service
running on a server inside one of the LANs. That is, DMZ device
192.168.17.50 should be able to access 192.168.35.52 port 8086.
My guess was DMZ_LAN_HOST_OPEN_TCP="192.168.17.50>192.168.35.52~8086" but
that doesn't seem to work.
Below is some debug information, please note that current port forwards
from internet to LAN have been redacted to e.g. 111, 222, 333, ...
* My full configuration file:
* Output of arno-iptables-firewall status:
Can somebody help me out?