How to allow a host on DMZ to access Internet?

Hi!

I have a server on the DMZ with the ip-address 192.168.3.10. What is the command to allow this host to access the internet?

As soon as I add some permit rules on the DMZ interface, the implicit rule disappears (Permit all traffic to lower security networks).
If I add this command:
access-list dmz_access_in extended permit object-group all host 192.168.3.10 host any

The rule will also allow the server to access the inside hosts. How do I allow only the server to access the Internet?

Thanks!
Asked by: ideonit

sukamto Commented:
Yes, so you must add another one on top as below. Not sure if it works, let me check again; try it and update me.

access-list internal permit ip 192.168.1.0 255.255.255.0 host 192.168.3.10
access-list dmz deny ip host 192.168.3.10 192.168.1.0 255.255.255.0
access-list dmz permit ip host 192.168.3.10 any
 
sukamto Commented:
Please try the below; hope it will help a little.

What is your LAN network IP? Replace x.x.x.x with your LAN network.
Add the below in sequence:

access-list dmz deny ip host 192.168.3.10 x.x.x.x 255.255.255.0
access-list dmz permit ip host 192.168.3.10 any
 
ideonit (Author) Commented:
LAN network is 192.168.1.0/24

OK, but if I deny the host to the LAN network, will I be able to connect from LAN -> DMZ?
Or will the deny rule deny all traffic from the DMZ host to the LAN?

I would like to be able to connect from LAN to DMZ, but not from DMZ to LAN.

Thanks!
 
ideonit (Author) Commented:
That worked!!
Thank you for your help! :=)
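
The rule order suggested in this thread (deny the DMZ host to the LAN first, then permit it to any) and the LAN -> DMZ question asked above, modeled as an added example that is not part of the original posts. It assumes first-match ACL evaluation with an implicit deny at the end, a stateful firewall that lets replies of an already-permitted TCP/UDP connection through, and an inside interface with no restricting ACL; the function and class names and the 203.0.113.5 "Internet" address are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's DMZ ACL: (action, source, destination).
DMZ_ACL = [
    ("deny",   "192.168.3.10/32", "192.168.1.0/24"),  # DMZ host -> LAN
    ("permit", "192.168.3.10/32", "0.0.0.0/0"),       # DMZ host -> any
]
# Same entries with permit-any first: the ordering mistake to avoid.
REVERSED_ACL = list(reversed(DMZ_ACL))


def acl_action(acl, src, dst):
    """Return the action of the first matching entry (implicit deny if none)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


class StatefulFirewall:
    """Simplified model: flows are tracked per host pair, not per 5-tuple."""

    def __init__(self, dmz_acl):
        self.dmz_acl = dmz_acl
        self.connections = set()  # (initiator, responder)

    def from_inside(self, src, dst):
        # Assumption: inside is the higher-security interface with no
        # restricting ACL, so LAN-initiated connections are permitted.
        self.connections.add((src, dst))
        return "permit"

    def from_dmz(self, src, dst):
        # Replies to a LAN-initiated connection match the state table and
        # are not re-checked against the DMZ interface ACL.
        if (dst, src) in self.connections:
            return "permit"
        return acl_action(self.dmz_acl, src, dst)


if __name__ == "__main__":
    fw = StatefulFirewall(DMZ_ACL)
    print("DMZ -> LAN (new):  ", fw.from_dmz("192.168.3.10", "192.168.1.20"))
    print("DMZ -> Internet:   ", fw.from_dmz("192.168.3.10", "203.0.113.5"))
    print("LAN -> DMZ (new):  ", fw.from_inside("192.168.1.20", "192.168.3.10"))
    print("DMZ -> LAN (reply):", fw.from_dmz("192.168.3.10", "192.168.1.20"))
    print("Reversed order:    ", acl_action(REVERSED_ACL, "192.168.3.10", "192.168.1.20"))
```

Because of the implicit deny, any other DMZ host (for example 192.168.3.11) is blocked outbound until it gets its own permit entry.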