Hi,
I have a DMZ host (e.g. for website hosting. 192.168.60.2) on a separate VLAN. The host is visible from the Internet for a limited number ports (80 and 443 to be precise) using port forwards. The URL of the host is www.example.com with IP 1.1.1.1 (the WAN IP). This has been setup using an external DNS server on the Internet.
What I want to achieve is that:
1) from the VLANs on my internal network, I connect to www.example.com via IP 1.1.1.1 on ports 80/443. My understandind is that this is possible via port-forwarding with hairpins
2) from the VLANs on my internal network, I connect to www.example.com (1.1.1.1, so with the same DNS lookup as above) for the ssh port, and port 8080. I do not want to expose the ssh port and port 8080 to the Internet.
In my previous setup (with OpenWrt CC), I realized this by a redirect rule, which redirects traffic to the WAN IP (1.1.1.1) to the internal DMZ IP (1.1.1.1). In practice, this redirect rule translates to an iptables prerouting rule for the relevant ports and IPs.
Any suggestions how to do this on EgdeOS?
thanks,
JG
