I have a DMZ with several hosts providing services such as email, FTP, Jabber, web and others. These services can be accessed both from the local network and from outside my network.
Until now I had only one host in the DMZ that provided the web service (with Apache), but now, on the host where the email service runs, I have installed an application for webmail access (RainLoop), which is served by a web server (Apache). Also, on another host I installed the Nextcloud+ONLYOFFICE combination as a cloud server, and it is hosted on an Apache server too. This means that there are different hosts in the DMZ listening on ports 80 and 443.

Until now I had used a simple DNAT rule to forward all traffic coming from outside my network to ports 80 and 443 to the IP of the host where the web service is running in the DMZ:

    DNAT:info net dmz:192.168.14.8 tcp 80,443

But now there are three different hosts running Apache listening on ports 80 and 443, so when I try to access the host where Nextcloud is running from outside my local network or DMZ, the web page that responds is the one hosted on the host running the web service, not the Nextcloud web page.

How can I prevent this from happening? I mean, when someone outside my network tries to access the webmail (RainLoop), which is running on a different host (different IP) than the host where the web services run, the page that the user sees in the browser should be the RainLoop web page; likewise, when they try to access Nextcloud, the web page should correspond to the service they are trying to access.
This is the configuration of /etc/zones:

    fw   firewall
    net  ipv4
    loc  ipv4
    dmz  ipv4

/etc/interfaces

    net  enp4s1  tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
    loc  enp5s0  tcpflags,nosmurfs,routefilter,logmartians
    dmz  enp7s0  tcpflags,nosmurfs,routefilter,logmartians

/etc/policy

    loc  net  ACCEPT  info
    net  all  DROP    info
    all  all  REJECT  info

The network interfaces use static IPs:

    enp4s1: 10.10.120.254
    enp7s0: 192.168.14.1
    enp5s0: 192.168.41.1

The server IP addresses are:

    gtmem.gtm.onat.gob.cu      - 192.168.14.3
    gtmd.gtm.onat.gob.cu       - 192.168.14.8
    gtmnb.gtm.onat.gob.cu      - 192.168.14.11
    gtmoffice1.gtm.onat.gob.cu - 192.168.14.14

--
Rommel Rodriguez Toirac
romme...@nauta.cu