
UPLINK problems > Mail server / Web server

Well, now of course what had to happen is happening...

No clue about uplinking...

The uplink with fiber works.. Only the web server and mail server of course no longer do, since I have no idea what the right rulesets have to look like so that the traffic in the DMZ only goes over the Telekom DSL interface and also finds its way back there.

Would someone like to help me with this? I'm completely stumped here.

The config is like this:

Internal

DMZ

DSL Telekom

Glasfaser EON

The mail and web server is in the DMZ, and the traffic from there should also only go over the DSL Telekom and back again.

Through a friend I have a /29 class C network there, where our hobby stuff runs on the web and mail server.....

I'm a fan of having the data on my own machine.

The Internal, for surfing etc., can use both EON and Telekom.

Only, unfortunately, I don't know how I have to configure that.



This thread was automatically locked due to age.
  • Hello Wolfgang,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    Since you have both "DSL Telekom" and "Glasfaser EON" connected, have you tried a Multipath rule binding the DMZ traffic to the DSL uplink?

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes..

    My goal is that all traffic that comes to the external DSL interface for the DMZ (and vice versa) only uses the DSL interface.

    The internal network does not matter.

    Because the mail and web server will fail, because they can't be reached if the uplink switches to the EON interface.

    Edit: I made a screenshot of my settings, pls let me know if those make any sense at all.

    Thanks!

    Would this work?

  • Wolfgang,

    In the rule in Position 2, change Destination to "Internet" as the "DSL WAN" interface only includes the IPs on the interface, nothing in the outside world.  Also in this rule, change 'Itf Persistence' to "By Interface" and select "DSL WAN" in 'Bind interface'.

    Delete the rule in Position 4 and make sure you have a NAT rule like:

         DNAT : Internet -> Email Messaging -> DSL WAN : to "your mailserver"

    Note that the DNAT doesn't affect responses arriving at the DSL WAN interface.  See #2 in Rulz.

    Does that work?

    Regards - Bob (Please continue in German.)

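Added example, not part of the thread and not Sophos code: a simplified first-match model of the multipath rule discussed above, showing why a Destination of "DSL WAN" (only the interface's own IP) never matches the mail server's outbound traffic while "Internet" does. All addresses are constructed from documentation ranges, "EON WAN" is a hypothetical name for the fiber uplink, and first-match evaluation with balancing as the fallback is an assumption of the model.

```python
import ipaddress as ip

# Constructed sample objects (assumptions, not values from the thread).
DMZ_NET = ip.ip_network("192.0.2.0/29")              # the /29 behind the DMZ interface
DSL_WAN_OBJECT = [ip.ip_network("198.51.100.2/32")]  # "DSL WAN": only the interface's own IP
INTERNET_OBJECT = [ip.ip_network("0.0.0.0/0")]       # "Internet": everything outside


def select_uplink(rules, src, dst, balanced_choice):
    """First matching rule wins; unmatched traffic goes wherever balancing picks."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for rule in rules:
        if src in rule["source"] and any(dst in net for net in rule["destination"]):
            return rule["bind_interface"]
    return balanced_choice


def dmz_rule(destination):
    """A single multipath rule: DMZ -> <destination>, bound to the DSL uplink."""
    return [{"source": DMZ_NET, "destination": destination, "bind_interface": "DSL WAN"}]


def pinned_to_dsl(rules, src, dst):
    """True only if the flow leaves via DSL whichever uplink balancing would pick."""
    return all(select_uplink(rules, src, dst, choice) == "DSL WAN"
               for choice in ("DSL WAN", "EON WAN"))


if __name__ == "__main__":
    mail_server, remote_mx = "192.0.2.2", "203.0.113.25"  # constructed sample flow
    for label, dest in (("Destination = DSL WAN ", DSL_WAN_OBJECT),
                        ("Destination = Internet", INTERNET_OBJECT)):
        pinned = pinned_to_dsl(dmz_rule(dest), mail_server, remote_mx)
        print(label, "-> pinned to DSL:", pinned)
```
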
  • Hi BAlfson,

    As always, thanks for your help!

    I'll give that a go and see what happens.