  1. #1
    Untanglit
    Join Date
    Feb 2009
    Posts
    15

    Redirecting request from DMZ IP to Internal IP

    I am 9/10 done migrating away from ISA Server but I have one last hurdle which I hope someone can help me with.

    I am trying to set it up so that any requests from the DMZ on 192.168.100.101:8530 get re-directed to 192.168.0.211:80.

    I have tried setting up a "Port Forwards" eg.

    Source Interface: DMZ
    Destination Address: 192.168.100.101
    Protocol: TCP
    Destination Port: 8530
    New Destination: 192.168.0.211
    New Port: 80

    Since in the firewall my last rule is to block everything, which is similar to the ISA Default rule, I have made an additional rule:-

    Source Interface: DMZ
    Destination: 192.168.0.211
    Protocol: TCP
    Port: 80

    Also to add, since I wanted each DMZ to be separate but I still wanted Internal to access the server, I set up "Networking" - "Advanced" - "Packet Filter" so that it would "reject DMZ to INT"

    Hopefully someone can help me with a solution

  2. #2
    Untanglit
    Join Date
    Feb 2009
    Posts
    15


    Currently was testing this scenario with a laptop with IIS enabled on:-

    192.168.0.211 (Internal Link) - Running Website on Port 80
    Default Gateway: 192.168.0.1

    A 2nd Laptop on:-

    192.168.100.168 (DMZ Link)
    Default Gateway: 192.168.100.1

    Trying to access it by both Firefox & telnet failed though
    Last edited by jeremyl; 07-08-2012 at 11:03 PM.

  3. #3
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    11,682
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untanglit
    Join Date
    Feb 2009
    Posts
    15


    Thanks for the quick response, will keep focusing on Port Forward then.

    I went through your "Troubleshooting Guide" but I am still in trouble

    1 - Have not enabled "Enable External Administration" so this should not be an issue
    2 - Checked default gateways were correct on both systems
    3 - Checked I could access/telnet the IP address and access website from another Internal Machine
    4 - Failed in DMZ but worked from another computer in Internal Zone
    5 - Not necessary since it's only DMZ to Internal
    6 - Failed cannot ping destination from DMZ Zone
    7 - Turned off Untangle Firewall but still unsuccessful
    8 - That's as simple as it gets
    9 - Have not enabled "Enable External Administration" so this should not be an issue
    10 - Not relevant for this scenario

    Is there something else in conjunction with "Port Forwarding" I need?

    Also to be safe I set up Windows 7 - IIS7 to bind it to all IP addresses & disabled the Windows firewall:-

    IIS Setup:-

    Type  HostName  Port  IP Address
    http            80    *
    http            8530  *

    It could be that because 192.168.100.1 is not an IP address for the system it is rejecting but I doubt it.
    Last edited by jeremyl; 07-08-2012 at 11:07 PM.

  5. #5
    Untanglit
    Join Date
    Feb 2009
    Posts
    15


    To explain the reason I am asking:-

    I have a WSUS Server in the internal zone & to increase security each zone is separated/blocked, but we still want our DMZ Zone to access this WSUS Server though.

    In ISA Server you set up a listener rule & even though the machine only had 192.168.0.211, you could set up in the firewall additional IPs (192.168.100.101) it would listen on for each zone.

    It was also restricted to a single port to minimize the chances of people hacking into our internal zone from a compromised DMZ system.

    Also I disabled all other Untangle components since I noticed that web filter displayed a message saying "Cannot use IP address for an address" but no luck; the only way I could get access was to use http://192.168.0.211 in a web browser from DMZ when I had disabled/turned off "Block DMZ to INT" in packet filters.

    Currently waiting for someone to respond since I have tried everything I know about Untangle

    (Just to confirm I don't want to change IP address since that would mean a lot of work going through all the systems' host files & editing them since I associated a name to it.)
    Last edited by jeremyl; 07-09-2012 at 12:09 AM.
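
An added example, not part of the thread and not Untangle's own code: a small model of first-match filtering applied after destination NAT (the ordering Linux netfilter uses), with the addresses from the posts. The /24 masks, the rule dictionaries, the function names, and the assumption that the firewall itself answers for 192.168.100.101 on the DMZ side are illustrative assumptions.

```python
# Model only (assumption): DNAT is applied first, then filter rules are checked
# top-down against the TRANSLATED destination, first match wins.
from ipaddress import ip_address, ip_network

DMZ = ip_network("192.168.100.0/24")   # assumed mask
INT = ip_network("192.168.0.0/24")     # assumed mask

# Port forward from post #1: (dst ip, dst port) -> (new dst ip, new port).
# Assumes the firewall owns 192.168.100.101 so DMZ clients can reach it at all.
PORT_FORWARDS = {("192.168.100.101", 8530): ("192.168.0.211", 80)}


def dnat(dst, dport):
    """Rewrite the destination if a port forward matches, else leave it alone."""
    return PORT_FORWARDS.get((dst, dport), (dst, dport))


def matches(rule, src, dst, dport):
    """A rule without 'dport' matches any port."""
    return (ip_address(src) in rule["src"]
            and ip_address(dst) in rule["dst"]
            and rule.get("dport") in (None, dport))


def evaluate(rules, src, dst, dport):
    """Return (verdict, translated destination) for one new TCP connection."""
    new_dst, new_port = dnat(dst, dport)
    for rule in rules:
        if matches(rule, src, new_dst, new_port):
            return rule["action"], (new_dst, new_port)
    return "reject", (new_dst, new_port)  # final block-everything rule


ALLOW_WSUS = {"src": DMZ, "dst": ip_network("192.168.0.211/32"),
              "dport": 80, "action": "accept"}
REJECT_DMZ_TO_INT = {"src": DMZ, "dst": INT, "action": "reject"}

REJECT_FIRST = [REJECT_DMZ_TO_INT, ALLOW_WSUS]   # blanket reject evaluated first
ALLOW_FIRST = [ALLOW_WSUS, REJECT_DMZ_TO_INT]    # single-port exception first

if __name__ == "__main__":
    client = "192.168.100.168"  # DMZ test laptop from post #2
    probes = (("192.168.100.101", 8530), ("192.168.0.211", 80), ("192.168.0.211", 3389))
    for name, rules in (("reject-first", REJECT_FIRST), ("allow-first", ALLOW_FIRST)):
        for dst, port in probes:
            print(name, dst, port, evaluate(rules, client, dst, port))
```

In the allow-first ordering the model also accepts a direct request to 192.168.0.211:80 from the DMZ, because the filter only sees the translated destination; every other DMZ to INT port stays rejected.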
