Chapter 12 Virtual Servers
12.2.2 Tutorial - How to Allow Public Access to a Server
This is an example of making an HTTP (web) server in the DMZ zone accessible from the Internet (the WAN zone). You will use a public IP address of 1.1.1.2 on the ge2 (or wan1 on USG 200 and lower models) interface and map it to the HTTP server’s private IP address of 192.168.3.7.
Figure 17 Public Server Example Network Topology
|
|
| DMZ |
|
| WAN | ||
|
|
|
|
| ||||
192.168.3.7 |
|
|
|
|
| 1.1.1.2 | ||
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Follow the following steps for the setting.
1Configure Address object
Create two address objects. One is named DMZ_HTTP for the HTTP server’s private IP address of 192.168.3.7. The other one is named ge2_HTTP for the ge2 (wan1) public IP address of 1.1.1.2.
Router# configure terminal
Router(config)#
Router(config)#
Router(config)#
2Configure NAT
You need a NAT rule to send HTTP traffic coming to IP address 1.1.1.2 on ge2 (wan1) to the HTTP server’s private IP address of 192.168.3.7. Use the following settings:
•This NAT rule is for any HTTP traffic coming in on ge2 (wan1) to IP address 1.1.1.2.
•The NAT rule sends this traffic to the HTTP server’s private IP address of 192.168.3.7 (defined in the DMZ_HTTP object).
•HTTP traffic and the HTTP server in this example both use TCP port 80. So you set the port mapping type to “port”, the protocol type to “TCP”, and the original and mapped ports to “80”.
Router(config)# ip
3Configure firewall
Create a firewall rule to allow HTTP traffic from the WAN zone to the DMZ web server.
Router(config)# firewall insert 1
Router(firewall)# description
Router(firewall)# from WAN
Router(firewall)# to DMZ
Router(firewall)# destinationip DMZ_HTTP
Router(firewall)# service HTTP
Router(firewall)# exit
Router(config)# write
Router(config)#
Now the public can go to IP address 1.1.1.2 to access the HTTP server.
122 |
|
ZyWALL (ZLD) CLI Reference Guide | |
|
|