Routing problem with Web Application Firewall (virtual web server)

Hello,

I am new to this community and am trying my first troubleshooting on a UTM 8.


My setup:

Internet provider: German Telekom

Router: Bintec Elmeg / Digitalisierungsbox Premium, fixed WAN IP, LAN IP 192.168.99.1

Port forwarding on router: exposed host is the UTM 8 (192.168.99.10); ports 80 and 443 forwarded to the UTM 8

UTM 8: set up as firewall and DNS forwarder, now trying to run a reverse proxy for the internal web server
UTM 8 interfaces:
- WAN interface (eth1) 192.168.99.10
- LAN interface (eth0) 192.168.100.254 (= gateway for the network)
UTM 8 services:
Virtual web server on the WAN interface (HTTPS & reconnect) with Let's Encrypt, refers to the web server

Virtual web server on the LAN interface (HTTPS & reconnect) with Let's Encrypt, refers to the web server

Domain:
example.domain.tld points to the fixed external IP

Network:
web server: IP 192.168.100.4, port 80

DNS: resolves example.domain.tld to the external IP (no split DNS configured so far)

PROBLEM:

External HTTP/HTTPS requests work perfectly.

Internal requests neither reach the reverse proxy (virtual web server) nor the web server. The router's web frontend shows up when trying to access example.domain.tld.

Somehow the HTTP/HTTPS requests from 192.168.100.0/24 seem to get misrouted to 192.168.99.1. Can anybody help me?

Thank you in advance!

  • Hi

    What is the firmware version of the Sophos UTM? I ask this because UTM8 is end of life for a long time now.

  • In reply to Jaydeep:

    I'm sorry: It's a UTM 9. Firmware is 9.700-5.

    Since yesterday I have found a "workaround" that does not really solve the problem but works partially: I added a DNS hostname to my internal server's entry.

    Still, I think that my router outside my protected network should not answer the HTTPS requests from the internal network.

  • In reply to Johannes Neimann:

    Hello Johannes and welcome to the UTM Community!

    Sounds like you found the best solution.

    Cheers - Bob
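The thread describes a classic hairpin problem: internal clients resolve example.domain.tld to the public IP, the UTM routes that traffic out through its default gateway, and the router's LAN side answers with its own web frontend instead of forwarding to the virtual web server. The "DNS hostname on the internal server entry" workaround is split DNS in disguise. The following check, an added example that is not part of the thread or of Sophos UTM, classifies what an internal client gets back for the name. It assumes the internal answer should be the UTM's LAN interface (192.168.100.254), where the second virtual web server listens, rather than the web server itself (192.168.100.4), so that TLS is still terminated by the reverse proxy; the public address 203.0.113.10 is a placeholder.

```python
"""Split-DNS / hairpin check for a reverse-proxied hostname.

Added example, not from the forum thread or from Sophos. The site
parameters below are assumptions chosen to mirror the thread's setup.
"""
import ipaddress
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str          # hostname that is reverse-proxied
    external_ip: str   # public IP the name resolves to from outside (placeholder here)
    utm_lan_ip: str    # UTM LAN interface that hosts the internal virtual web server
    client_net: str    # internal client network


def diagnose(site: Site, answers):
    """Classify the A records an internal client receives for site.name.

    Returns one of:
      'nxdomain'       - the name does not resolve at all
      'split-dns'      - answer points at the LAN-side virtual web server (desired)
      'hairpin'        - answer is the public IP, so the packet goes out via the
                         default gateway and the router's LAN side answers it
      'bypasses-proxy' - answer is a LAN host other than the UTM, e.g. the web
                         server itself; works, but skips the reverse proxy / TLS
      'unexpected'     - anything else (another subnet, stray record)
    """
    net = ipaddress.ip_network(site.client_net)
    utm = ipaddress.ip_address(site.utm_lan_ip)
    ext = ipaddress.ip_address(site.external_ip)
    addrs = [ipaddress.ip_address(a) for a in answers]

    if not addrs:
        return "nxdomain"
    if any(a == utm for a in addrs):
        return "split-dns"
    if any(a == ext for a in addrs) or all(a.is_global for a in addrs):
        return "hairpin"
    if any(a in net for a in addrs):
        return "bypasses-proxy"
    return "unexpected"


def resolve(name):
    """Ask the system resolver for all IPv4 A records of name (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Assumed values matching the thread; 203.0.113.10 is a documentation address.
    site = Site("example.domain.tld", "203.0.113.10", "192.168.100.254", "192.168.100.0/24")
    print(site.name, "->", diagnose(site, resolve(site.name)))
```

Run it from a client inside 192.168.100.0/24: 'hairpin' reproduces the symptom in the original post, 'bypasses-proxy' is what the workaround in the thread most likely yields, and 'split-dns' is what you get once the UTM's DNS forwarder hands out the LAN interface address for the name.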