Firewall – unable to connect to webserver from LAN (access from outside is fine)

firewall; nat; zywall

We would like to give both our customers and coworkers a single link (subdomain.ourdomain.com) to access a common web application.

I set up a web server on a machine connected to LAN, it's accessible from any workstation inside our LAN using its ip. I then installed a firewall (Zyxel USG20) with appropriate firewall rules and port forwarding and everything worked fine, except for accessing the web server using the public ip.

Here's the configuration:

  • all workstations + the server's first ethernet adapter are on LAN (all connected to a switch, which is connected to the firewall's LAN1 port)

  • The Web server has two network adapters, the first one is connected to LAN and the second one to the firewall's DMZ port.

  • I set up a NAT rule to redirect traffic from the firewall's WAN port to the web server's second Ethernet interface (connected to the firewall's DMZ port) for HTTP

Mapping type: Virtual Server | Interface: Wan1 | Original IP: any | Mapped IP: | Protocol: tcp | Original port: http | Mapped port: http

My web server is accessible from outside our LAN using our public ip and subdomain.ourdomain.com, but not from the LAN using our public IP (nor using the domain name address). I then added another rule

Mapping type: Virtual Server | Interface: Wan1 | Original IP: | Mapped IP: | Protocol: tcp | Original port: http | Mapped port: http

this, with the option "Enable NAT Loopback" checked.

But it didn't help either, I keep having the server timeout page.

What did I miss exactly?

Thanks in advance

Best Answer

I just recently got a USG100, which is pretty much the same, and I was struggling with the LAN -> Server connection, so here is what I did to get it working for me.

  1. Created Object / Address for the server.
  2. Add Service if needed. I used HTTP/HTTPS in my case but tested with a custom one successfully.
  3. Created NAT rules using the public IP address as the original IP and NAT loopback enabled.
  4. Added Firewall rules to allow the traffic.

NAT rules screenshot

Hope this solves the problem for you also.
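The failure described in the question (works from the internet, times out from the LAN when using the public IP or the public name) is the classic symptom of a missing hairpin / NAT loopback rule. The following script is an added example, not part of the question or the answer above, and it is not Zyxel code; it uses only the Python standard library. Run it from a workstation on the LAN: it resolves the name, attempts a TCP connect with a timeout, and says whether the result points at the NAT loopback rule (name resolves to the public IP and the connect fails) or at the server / firewall rules themselves (name already resolves to a LAN address and the connect still fails). The hostname, port and LAN ranges are placeholders you replace with your own.

```python
"""Diagnose why a web server reachable from outside is unreachable from the LAN.

Added example (not from the original post). Assumes only the standard library.
"""
import ipaddress
import socket
from typing import Iterable, Tuple

# Constructed defaults: the RFC 1918 ranges. Replace with your actual LAN subnet(s).
DEFAULT_LAN_NETWORKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Human-readable meaning of each diagnosis label returned by classify().
EXPLANATIONS = {
    "ok": "TCP connect succeeded; nothing to fix on the path tested.",
    "nat-loopback": ("Name resolves to a public IP and the connect from inside the LAN "
                     "failed: the firewall needs a NAT loopback (hairpin) rule for this "
                     "port, or the LAN must resolve the name to the internal address instead."),
    "server-or-firewall": ("Name already resolves to a LAN address, so NAT loopback is not "
                           "involved: check the server is listening and the firewall/ACL "
                           "rules between the workstation and the server."),
}


def classify(resolved_ip: str, connected: bool,
             lan_networks: Iterable[str] = DEFAULT_LAN_NETWORKS) -> str:
    """Map (DNS answer, connect result) to a probable cause label.

    Pure function so it can be unit-tested without network access.
    """
    addr = ipaddress.ip_address(resolved_ip)
    on_lan = any(addr in ipaddress.ip_network(net, strict=False) for net in lan_networks)
    if connected:
        return "ok"
    if on_lan:
        return "server-or-firewall"
    return "nat-loopback"


def tcp_connect(ip: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname: str, port: int = 80,
             lan_networks: Iterable[str] = DEFAULT_LAN_NETWORKS,
             timeout: float = 3.0) -> Tuple[str, str]:
    """Resolve hostname, probe the port, and return (resolved_ip, diagnosis label)."""
    ip = socket.gethostbyname(hostname)
    return ip, classify(ip, tcp_connect(ip, port, timeout), lan_networks)


if __name__ == "__main__":
    # Placeholder name from the question; substitute your own host and port.
    host = "subdomain.ourdomain.com"
    try:
        ip, label = diagnose(host, 80)
    except socket.gaierror as exc:
        print(f"{host}: DNS lookup failed ({exc}); fix name resolution first")
    else:
        print(f"{host} -> {ip}: {label}")
        print(EXPLANATIONS[label])
```

If the script reports `nat-loopback`, the two fixes that address it are the one in the accepted answer (a virtual-server rule keyed on the public IP with NAT loopback enabled, plus a firewall rule permitting the traffic) or, independently of the firewall, an internal DNS view that answers the public name with the server's LAN address for LAN clients, so the traffic never has to hairpin through the WAN interface at all.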
