I'm no expert but I might be able to help:
Remember to save your config so that you can undo the changes if this ends up not working.
If someone else like chechito or danilovav provide an answer, trust their answer more than mine because they know a lot more than me.
Firstly, in Objects -> Address Book -> InterfaceAddresses, define the private and public IP addresses of the server on the DMZ which you're trying to connect to.
For example:
http-wan-ip = 192.168.1.100
http-dmz-ip = 10.1.1.1
Change 192.168.1.100 above to an ip address on your wan network which is not already in use.
Change 10.1.1.1 to the ip address of the server on the dmz that you want to connect to.
Now in servicios_dmz, change the SAT rule to these settings (change the ip addresses below to match your network):
Name: SAT_HTTP_TO_DMZ
Action: SAT
Service: HTTP-ALL
Schedule: (none)
Source interface: any
Source network: all-nets
Destination interface: wan
Destination network: http-wan-ip
Then in the SAT tab of the SAT_HTTP_TO_DMZ, enter:
Translate the: destination ip address
To new IP address: http-dmz-ip
Now set the NAT_LAN rule settings to:
Name: NAT_DMZ
Action: NAT
Service: HTTP_ALL
Schedule: (none)
Source interface: any
Source network: all-nets
Destination interface: wan
Destination network: http-wan-ip
You shouldn't need the Allow rule because of the NAT rule which automatically allows but you could leave it there for the moment.
Now add an ARP Publish rule under Objects -> Interfaces -> ARP:
Mode: Publish
Interface: wan
IP address: http-public-ip
MAC: 00-00-00-00-00-00
The settings above are for a static wan ip. If you're using a dynamic wan ip, then change the destination interface for the SAT and NAT rules to "core" and change the destination network for the SAT and NAT rules to the dynamic ip address of the wan network (PPPoE-interface-ip).
Author
Topic: sat wan1 dmz http (Read 5210 times)