DMZ, NAT, Router... something is blocking me

chinapub

Technical User
Joined
May 23, 2003
Messages
4
Location
CN
Hi, I am new to CP. I use CP4.1 on NT4 SP6.
On my firewall there are 3 NICs: 1 for my LAN, 1 for my DMZ and 1 connected to a switch.
I have a little problem when I want to NAT a webserver:

Original configuration (direct to Internet):
Webserver:
web public IP: 202.120.137.100
gateway: 202.120.137.99
dns: 202.138.98.68
subnet: 255.255.255.240
Everything's working fine, but unprotected.

So I tried CP4.1, and the config:

New configuration in DMZ:
Webserver:
IP: 192.168.1.2
NAT to: 202.120.137.100
subnet: 255.255.255.0
gateway: 192.168.1.1 (private IP of DMZ)
Nothing's going in or out.

Firewall:
NIC1 to internet:
IP:202.120.137.101
gateway :202.120.137.99
dns :202.138.98.68
subnet: 255.255.255.240
dns :202.138.98.68

NIC2 to LAN:
IP:192.168.0.1
subnet:255.255.255.0

NIC3 to DMZ:
IP:192.168.1.1
subnet:255.255.255.0

Am I right in how I configured the DMZ and LAN?

But the DMZ doesn't work, and I can't use the webserver from outside either :(

Please help :-)
 
You haven't said what your firewall rulebase is.
Also, are you NATing on the webserver or using the firewall to NAT?


You will need, in addition to the
management, stealth and catch-all rules:

any - webserver - http/https - accept - log
internal lan - any - http/https/..... - accept - log

The best diagnosis is to watch the logs and see whether traffic is accepted or rejected and which rule it matches.
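
The rule order suggested in the reply above, modelled as a first-match evaluator so you can predict which rule a connection should show against in the log. This is an added example, not part of the original posts and not Check Point's own engine. The admin host 192.168.0.10, the outside client 198.51.100.7, limiting the LAN rule to http/https, and letting the webserver object match both its private and NAT addresses are assumptions.

```python
import ipaddress

ip = ipaddress.ip_address
ANY = None  # wildcard for source, destination or service

# Addresses from the thread; ADMIN is a hypothetical management workstation.
LAN = ipaddress.ip_network("192.168.0.0/24")
WEB = {ip("192.168.1.2"), ip("202.120.137.100")}   # private and NAT address
FW = {ip("202.120.137.101"), ip("192.168.0.1"), ip("192.168.1.1")}
ADMIN = {ip("192.168.0.10")}
WEB_PORTS = {80, 443}

# Ordered rulebase: (name, source, destination, ports, action).
RULES = [
    ("management", ADMIN, FW, ANY, "accept"),
    ("stealth", ANY, FW, ANY, "drop"),
    ("web-in", ANY, WEB, WEB_PORTS, "accept"),
    ("lan-out", LAN, ANY, WEB_PORTS, "accept"),
    ("catch-all", ANY, ANY, ANY, "drop"),
]


def _covers(obj, addr):
    """True if a rule object (set of hosts, network, or ANY) covers addr."""
    return obj is ANY or addr in obj


def match(src, dst, port, rules=RULES):
    """Return (rule name, action) for the first rule the connection matches."""
    s, d = ip(src), ip(dst)
    for name, r_src, r_dst, r_ports, action in rules:
        port_ok = r_ports is ANY or port in r_ports
        if _covers(r_src, s) and _covers(r_dst, d) and port_ok:
            return name, action
    return "implicit", "drop"  # nothing matched at all


if __name__ == "__main__":
    tests = [
        ("198.51.100.7", "202.120.137.100", 80),   # outside client to webserver
        ("198.51.100.7", "202.120.137.101", 80),   # outside client to firewall
        ("192.168.0.25", "198.51.100.7", 443),     # LAN user browsing out
        ("192.168.0.25", "198.51.100.7", 25),      # LAN user, service not allowed
    ]
    for src, dst, port in tests:
        print(f"{src} -> {dst}:{port}  {match(src, dst, port)}")
```

If the log shows web traffic landing on the catch-all rule instead of the webserver rule, the webserver rule is missing, misordered, or its object does not cover the address being hit.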
 
Thank you ;)

I checked the rules. Yes, there were 2 errors. Now it runs OK!
 