I’m trying to solve the following problem.
I have one Vyatta router with a zone firewall applied, with the following Ethernet interfaces:
eth0 - public network (public IP from internet provider 8X.4X.1X.1X)
eth1 - private network (192.168.0.1/24)
eth2 - DMZ (10.0.0.1/24)
I have set the following nat destination rules on the router:
set nat destination rule 1 destination address '8X.4X.1X.1X'
set nat destination rule 1 destination port '52131'
set nat destination rule 1 inbound-interface 'eth0'
set nat destination rule 1 protocol 'tcp'
set nat destination rule 1 translation port '80'
set nat destination rule 1 translation address '10.0.0.2'
and the corresponding firewall rules.
The domain name used to access the server in the DMZ is translated to the public IP address 8X.4X.1X.1X.
If I access the DMZ server from the internet, it works well. It also works perfectly if I access the DMZ server from the private network using the IP address 10.0.0.2.
The problem is when I am in the private network:
telnet dmzserver.company.net 52131
telnet: Unable to connect to remote host: Connection refused
I ran tshark on interface eth1 (private) and I can see a SYN and an ACK packet, but that’s all. I expect packets on the eth2 (DMZ) or eth0 (public) interfaces, but there aren’t any.
Packets caught on eth1:
0.000000 192.168.0.4 -> 8X.4X.1X.1X TCP 52794 > 52131 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 TSV=28046719 TSER=0 WS=7
0.000055 8X.4X.1X.1X -> 192.168.0.4 TCP 52131 > 52794 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Does anyone know what problem I have and how to solve it?
Thank you very much in advance.
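An added example, not from the original post or from the Vyatta documentation, of the hairpin-NAT (NAT reflection) configuration that covers this case. The capture is consistent with rule 1 matching only traffic that enters on eth0: a LAN connection to the public address enters on eth1, is never translated, and is answered by the router itself with RST. The rule number 2 is assumed to be free; the zone names are not shown here and are an assumption.

```vyatta
# Added destination NAT rule for LAN clients that connect to the public address.
# It matches on eth1, the interface the LAN traffic actually enters on, and
# translates exactly like the existing rule 1 for eth0.
set nat destination rule 2 inbound-interface 'eth1'
set nat destination rule 2 protocol 'tcp'
set nat destination rule 2 destination address '8X.4X.1X.1X'
set nat destination rule 2 destination port '52131'
set nat destination rule 2 translation address '10.0.0.2'
set nat destination rule 2 translation port '80'

# No source NAT is needed here: the LAN (192.168.0.0/24) and the DMZ
# (10.0.0.0/24) are separate subnets behind the router, so the server's
# replies to 192.168.0.x pass back through the router and the translation
# is reversed by the existing connection state.
#
# Destination NAT happens before the zone firewall inspects the packet, so
# the private-to-DMZ zone policy must permit tcp/80 to 10.0.0.2 (it already
# does if direct access to 10.0.0.2 from the LAN works, as described above).
commit
save

# Verification after commit: the counters for rule 2 should increase when
# a LAN host connects to 8X.4X.1X.1X:52131, and the SYN should then appear
# on eth2 in tshark instead of being reset on eth1.
show nat destination statistics
```

An alternative that avoids the reflection rule entirely is split-horizon DNS: have the internal resolver return 10.0.0.2 for dmzserver.company.net so LAN clients never hairpin through the public address.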