
expose host to the Internet

Hi there,

I have a UTM 230 and would like to have one host directly out in the Internet. With my internet connection I also have 8 IP addresses assigned from the provider.

Now, how to make one host from the (already existing) DMZ network appear directly in the Internet?

(Well, it would be acceptable if the server didn't know its external IP address...)

Here's what I am currently doing:

For incoming traffic, I added a DNAT rule: "Change the destination IP address to my server's if packets arrive on its public IP address."

I also added a SNAT rule saying: replace the sending IP address with the server's public IP address if traffic comes from my server's internal IP address.

Do I also need to configure any multipath rules?

Or should I use masquerading instead of SNAT?

Which IP address should I use for firewall rules protecting this host?

Is there a way to make the UTM transparent so that the server also sees the public IP address? (nice to have)

Is this setup correct?

Did I miss anything?

Can/should I use full NAT instead of SNAT and DNAT?

Is this setup also good in terms of performance?

There's also some web server protection.

But it seems that this is only for web servers. If using other services, I cannot use this feature, I guess.

It seems quite some work for a simple job.

I still keep thinking that there might be a simple option to use/reserve a specific "additional IP address" for a specific host, but there is none, right?

Best regards

Tom



  • Hi Thomas,

    If your host should be directly connected to the internet, don’t use the UTM. Otherwise the host can be published via NAT or webserver protection. In webserver protection only http/s can be published. For other ports you have to rely on NAT.

    Best regards 

    Alex 
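
The DNAT/SNAT pair from the question, and its question about which address firewall rules should match, modelled as an added example (not part of the thread and not Sophos code). It assumes the Linux netfilter order, DNAT before filtering and SNAT after it; all addresses are constructed documentation ranges and the helper names are hypothetical.

```python
"""Model of 1:1 NAT on a netfilter-style gateway (constructed example)."""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"  # constructed: one of the provider's additional addresses
SERVER_IP = "192.0.2.10"    # constructed: the host's address in the DMZ

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def dnat(pkt):
    """Pre-routing step: rewrite the destination before any filter rule runs."""
    return replace(pkt, dst=SERVER_IP) if pkt.dst == PUBLIC_IP else pkt

def snat(pkt):
    """Post-routing step: rewrite the source after filtering, on the way out."""
    return replace(pkt, src=PUBLIC_IP) if pkt.src == SERVER_IP else pkt

def allow(src=None, dst=None, dport=None):
    """Build a filter rule; a field left as None matches anything."""
    def rule(p):
        return ((src is None or p.src == src) and (dst is None or p.dst == dst)
                and (dport is None or p.dport == dport))
    return rule

def forward(pkt, rules):
    """DNAT -> filter -> SNAT. Returns the packet as forwarded, or None if dropped.
    Reply packets (connection tracking) are left out of this model."""
    pkt = dnat(pkt)
    return snat(pkt) if any(r(pkt) for r in rules) else None

def demo():
    inbound = Packet("198.51.100.7", PUBLIC_IP, 25)    # client -> public address
    outbound = Packet(SERVER_IP, "198.51.100.7", 443)  # server -> Internet
    by_public = [allow(dst=PUBLIC_IP, dport=25)]       # rule written on public IP
    by_internal = [allow(dst=SERVER_IP, dport=25), allow(src=SERVER_IP)]
    return {
        # The filter sees the translated destination, so this rule never matches.
        "inbound_rule_on_public": forward(inbound, by_public),
        "inbound_rule_on_internal": forward(inbound, by_internal),
        # The filter matches the internal source; the packet leaves with PUBLIC_IP.
        "outbound": forward(outbound, by_internal),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
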
