Create a VLAN for the DMZ 192.168.1.0/24
Port forward in the usual way ports 443/80 from one of your WAN IPs to the IP in that VLAN you have given the Proxy (i.e. 192.168.1.100)
Then create a firewall ruleset that blocks all ports to and from the web proxy apart from those needed for it to function (i.e. only traffic from 192.168.1.0/24 destined to the IP of the web server at 10.0.0.100 on ports 80/443). Block everything else.
I’ve got it set up and can ping from the 10.0.0.xxx to 192.168.1.xxx, but not the other way. Seems I am missing something here. Before I point a public IP at the Reverse Proxy I wanted to be sure I can connect to the required server at 10.0.0.xxx
Correction. I cannot ping either way. I expected that with “Inter-VLAN routing” enabled I would be able to connect to the server at 192.168.1.xxx from 10.0.0.xxx
For now, set internal firewall rules to any/any allow so that we know the firewall isn’t the cause. Log in to the web server and the proxy and ping the Balance 380 IP on their own VLANs.
Then log in to the Balance and use the ping tool in the webadmin to prove you can ping both the web server and the proxy from the router.
Make sure both devices have got their default gateways set to be the Balance 380 too.
Then check the software firewall logs on the webserver - often when using a private IP they will block all traffic apart from that which originates from the same subnet.
I set up another PC on my LAN with IP of 192.168.10.100
This PC can ping and connect to the server at 192.168.10.10, but it cannot connect to the internet or to any 10.0.0.xxx device.
Here are some ping test results via the Balance380 (from 10.0.0.254)
Do you have anything else on the 192.168.10.0/24 network or is it just a single web server?
Is the Balance doing DHCP on both LANs?
What’s the default gateway set to on the 192.168.10.10 server?
The server has 192.168.10.254 as gateway
DHCP is not enabled on the vlan subnet
The server at 192.168.10.10 will be the only device. It will become a reverse proxy. I did set up a Win10 PC at 192.168.10.100 for testing. It cannot see any 10.0.0.xxx devices either.
Setup looks good. Everything is pointing to either a network misconfiguration on the Web server or some sort of software firewall that is blocking access.
I would likely run a network capture on the web server (or on the balance) and prove that traffic is getting to the web server from the other LAN (but being rejected) to confirm this.
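One way to read such a capture, as an added example that is not part of the original thread: the script below takes `tcpdump -nn` text output recorded on the server and reports, per probe, whether the packet never arrived, arrived and got no reply, or was actively rejected. The capture lines and the client address 10.0.0.50 are constructed for illustration.

```python
import re

# Constructed `tcpdump -nn` text output, as it might look when captured on the
# 192.168.10.10 server. 10.0.0.50 is a made-up client on the other LAN.
SAMPLE = """\
12:00:00.100000 IP 192.168.10.100 > 192.168.10.10: ICMP echo request, id 1, seq 1, length 40
12:00:00.100200 IP 192.168.10.10 > 192.168.10.100: ICMP echo reply, id 1, seq 1, length 40
12:00:01.000000 IP 10.0.0.50 > 192.168.10.10: ICMP echo request, id 7, seq 1, length 40
12:00:02.000000 IP 10.0.0.50 > 192.168.10.10: ICMP echo request, id 7, seq 2, length 40
12:00:03.000000 IP 10.0.0.50.51000 > 192.168.10.10.443: Flags [S], seq 100, win 64240, length 0
12:00:03.000100 IP 192.168.10.10.443 > 10.0.0.50.51000: Flags [R.], seq 0, ack 101, win 0, length 0
"""

IP4 = r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?"  # address with optional trailing port
LINE = re.compile(rf"IP {IP4} > {IP4}: (.*)")

def classify(capture, server, expected):
    """Map each expected (client, service) probe to what the server did with it."""
    seen = {}  # (client, service) -> server's reply, or None if it stayed silent
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if dst == server:  # probe reaching the server
            if "ICMP echo request" in rest:
                seen.setdefault((src, "icmp"), None)
            elif "Flags [S]" in rest:  # bare SYN, not SYN-ACK
                seen.setdefault((src, f"tcp/{dport}"), None)
        elif src == server:  # the server's answer, if any
            if "ICMP echo reply" in rest:
                seen[(dst, "icmp")] = "answered"
            elif "Flags [S.]" in rest:
                seen[(dst, f"tcp/{sport}")] = "answered"
            elif "Flags [R" in rest:
                seen[(dst, f"tcp/{sport}")] = "rejected"
    verdicts = {}
    for probe in expected:
        if probe not in seen:
            verdicts[probe] = "never arrived"  # look at routing, VLAN tags, switches
        else:
            verdicts[probe] = seen[probe] or "arrived, no reply"  # look at the host
    return verdicts

if __name__ == "__main__":
    probes = [("192.168.10.100", "icmp"), ("10.0.0.50", "icmp"),
              ("10.0.0.50", "tcp/443"), ("10.0.0.50", "tcp/80")]
    for probe, verdict in classify(SAMPLE, "192.168.10.10", probes).items():
        print(probe, "->", verdict)
```

A probe that shows "arrived, no reply" or "rejected" points at the server itself (software firewall or its own network settings), while "never arrived" points back at the router, VLAN or switch path.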
The Balance is connected to a Netgear GS748Tv3 Switch
A NetGear GS116 Switch connects to the GS748Tv3
The Proxy Server and the Test PC connect to the GS116 switch