• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

Trying to route all access from internet to a web box on a DMZ

What is the best way to route traffice from internet to a dmz. I have foritage 100a router, all traffice that comes from internet on port 80 i want to force to a web box  which will host the web site, that is not on my current network.
The fortigate has ports all ready established for the dmz but im not sure where to set this up.

THanks
Jared
0
jbisordi
Asked:
jbisordi
  • 3
  • 3
1 Solution
 
JohnjcesCommented:
The first problem, as I see it, is that this web server is not on the same network as your router.

Is that a correct understanding?

Is it in the same building and accessible?

There are a couple of ways that it can be done, but provide us with some more details... I.E. the IP subnet of the router's LAN and the IP of the web server you want to use.

John
0
 
jbisordiAuthor Commented:
yes the builing is accesible

internall network is on 192.168.1.0 255.255.255.0 gateway is 192.168.1.253
i have a server that is connect to same router  ip 192.168.50.1 with a cross over cable server ip 192.168.50.2

want to log on external ip and get to the 192.168.50.2 server.
0
 
JohnjcesCommented:
Well, the firewall/router you have has two dmz ports that you can assign an IP address to that would allow access to your port 80 (http) server apparently at 192.168.50.2. I do not understand or I am confused about the hookups you are using.

Your fortigate should have a LAN IP of 192,168,1,253 for your main LAN, correct?
So you have your web server connected to this fortigate as well on one of the interfaces which has an IP of 192.168.50.1. I hope I have this correct.

Normally a DMZ a demilitarized zone, is open to all incoming traffic from the web/WAN interfaces. I would never put more than one machine on a DMZ as all those machines PCs and servers, are very vulnerable.

In your case, I would port forward port 80 to 192.168.50.2 and not put it on any of the DMZ interfaces.

The fortigate should have a web interface that you can set up the ports, IP addresses, firewall rules and it will allow you to port forward.

I hope I have started to answer your question.

John
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jbisordiAuthor Commented:
got it working using the dmz  all externall traffic coming in on port 80 gets forwarded to 192.168.50.2 webserver  that works fine however i would also like to be able to work on that computer remotlely i tried making a rule saying any traffic coming from a certain ip address get forward to that same server port 3389 for remote desktop. can that work as well? the dmz port on the foritgate is 192.168.50.1 that is the only to things on the 50 network


thanks
0
 
JohnjcesCommented:
OK. So that DMZ will allow you to block all ports and allow the forwarding one port. That is great!

You should be able to allow multiple ports to forward to that IP doing the same thing you did before. As it is usually necessary in a lot of web servers to forward port 25, 80, 21 and others to that same server.

John
0
 
jbisordiAuthor Commented:
seems to be ok hopefully i can take care of everything else remotly
Thanks

0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now