Unable to get to internet from DMZ



  • Hi folks,
    I have this issue with my NetScreen NS25 and am unable to figure out why.

    So basically I have 2 DMZ subnets:
    eth2 172.10.0.0/24
    eth2.1 172.11.0.0/24 tag 100

    I set up a policy to allow subnet 172.11.0.0/24 to access the internet, "DMZ to Untrust".
    I am somehow unable to browse the internet. I even restricted it down to one specific IP but am still unable.

    I can see the traffic requests go out in the firewall log, but the PC shows timed out and is unable to browse.

    Date/Time | Source Address/Port | Destination Address/Port | Translated Source Address/Port | Translated Destination Address/Port | Service | Duration | Bytes Sent | Bytes Received | Close Reason
    2012-06-08 10:42:12 | 172.11.0.11:63216 | 64.132.94.250:53 | 172.11.0.11:63216 | 64.132.94.250:53 | DNS | 69 sec. | 309 | 0 | Close - AGE OUT
    2012-06-08 10:42:12 | 172.11.0.11:57575 | 64.132.94.250:53 | 172.11.0.11:57575 | 64.132.94.250:53 | DNS | 69 sec. | 261 | 0 | Close - AGE OUT
    2012-06-08 10:42:10 | 172.11.0.11:57575 | 216.136.95.2:53 | 172.11.0.11:57575 | 216.136.95.2:53 | DNS | 68 sec. | 348 | 0 | Close - AGE OUT

    However, if I set the policies in DMZ to Untrust as ANY/ANY/ANY, then all PCs in both DMZs can browse the internet. wh

    Date/Time | Source Address/Port | Destination Address/Port | Translated Source Address/Port | Translated Destination Address/Port | Service | Duration | Bytes Sent | Bytes Received | Close Reason
    2012-06-08 10:47:00 | 172.11.0.11:14592 | 74.229.11.35:512 | 97.11.130.66:10600 | 74.229.11.35:512 | ICMP | 1 sec. | 82 | 78 | Close - RESP
    2012-06-08 10:47:00 | 172.11.0.4:778 | 74.229.11.35:1 | 97.11.130.66:15314 | 74.229.11.35:1 | ICMP | 3 sec. | 78 | 78 | Close - RESP
    2012-06-08 10:47:00 | 172.11.0.4:779 | 74.229.11.35:1 | 97.11.130.66:2377 | 74.229.11.35:1 | ICMP | 2 sec. | 78 | 78 | Close - RESP

    What am I doing wrong here? How can I allow 1 subnet of the DMZ to access the internet instead of all subnets?



  • It seems to be a NAT problem.
    Try to configure the policy from DMZ 172.11.0.0 to Untrust with NAT Source via egress-interface.
    ++
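
Added example, not part of the thread: a Python check over the session log lines pasted in the question, flagging sessions that left without source translation and never received a reply, which is the pattern the NAT suggestion above points at. The field layout and single-word service names are assumed from the pasted log; the function names are hypothetical.

```python
import re

# Log lines copied from the question: first three under the restricted
# policy, last three under the ANY/ANY/ANY policy.
SAMPLE_LOG = """\
2012-06-08 10:42:12 172.11.0.11:63216 64.132.94.250:53 172.11.0.11:63216 64.132.94.250:53 DNS 69 sec. 309 0 Close - AGE OUT
2012-06-08 10:42:12 172.11.0.11:57575 64.132.94.250:53 172.11.0.11:57575 64.132.94.250:53 DNS 69 sec. 261 0 Close - AGE OUT
2012-06-08 10:42:10 172.11.0.11:57575 216.136.95.2:53 172.11.0.11:57575 216.136.95.2:53 DNS 68 sec. 348 0 Close - AGE OUT
2012-06-08 10:47:00 172.11.0.11:14592 74.229.11.35:512 97.11.130.66:10600 74.229.11.35:512 ICMP 1 sec. 82 78 Close - RESP
2012-06-08 10:47:00 172.11.0.4:778 74.229.11.35:1 97.11.130.66:15314 74.229.11.35:1 ICMP 3 sec. 78 78 Close - RESP
2012-06-08 10:47:00 172.11.0.4:779 74.229.11.35:1 97.11.130.66:2377 74.229.11.35:1 ICMP 2 sec. 78 78 Close - RESP
"""

# Assumed layout: timestamp, src, dst, translated src, translated dst,
# service (one word), duration, bytes sent, bytes received, close reason.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<xsrc>\S+) (?P<xdst>\S+) "
    r"(?P<service>\S+) (?P<duration>\d+) sec\. "
    r"(?P<sent>\d+) (?P<received>\d+) Close - (?P<reason>.+)$"
)

def parse_sessions(text):
    """Parse session log lines into dicts; lines that do not match are skipped."""
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s = m.groupdict()
        for key in ("duration", "sent", "received"):
            s[key] = int(s[key])
        # Source NAT happened if the translated source IP differs from the original.
        s["natted"] = s["src"].rsplit(":", 1)[0] != s["xsrc"].rsplit(":", 1)[0]
        sessions.append(s)
    return sessions

def unanswered_without_nat(sessions):
    """Sessions sent untranslated that aged out with zero bytes received."""
    return [s for s in sessions
            if not s["natted"] and s["received"] == 0 and s["reason"] == "AGE OUT"]

if __name__ == "__main__":
    for s in unanswered_without_nat(parse_sessions(SAMPLE_LOG)):
        print(f'{s["ts"]} {s["src"]} -> {s["dst"]} {s["service"]}: '
              f'no source NAT, {s["sent"]} bytes sent, no reply')
```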


 
