I have Astaro set up with 3 NICs labelled External, Internal, and DMZ. Here's what I want:
Internal Network has access to everything.
DMZ has access to Internet but not Internal.
Now, I had at first thought that I could just create a rule to allow DMZ traffic to travel the External network...but it looks like External only points to the address of my external interface. So my next thought was that I would set up my rules as such:
Source --> Service --> Action --> Destination:
Internal(Network) --> Any --> Allow --> Any (allow Internal access to everything)
DMZ(Network) --> Any --> Drop --> Internal(Network) (Drop access from DMZ to Internal)
DMZ(Network) --> Any --> Allow --> Any
I realize that my third rule states that the DMZ has access to everything but I thought that the rules would be processed in order such that any time the DMZ tried to access the internal network it would get stopped by the second rule. This does not happen, however. I can still access things on the local network.
Now, if I don't want the DMZ to access the internet I can take out those rules and just forward traffic from the internet to the DMZ. But I wish to allow the DMZ to download virus updates from the external network.
Do I have the rules set up wrong? Is there a better way to do this?
Thanks.
This thread was automatically locked due to age.
