I have a problem with port forwarding.
I have 1 CentOS machine with 3 interfaces:
           internet
              |
Internal - [centos] - DMZ
I want to reach the SMTP server on the internal network from the DMZ. (SMTP is just for the example.)
But when I try with this:
public (default, active)
  interfaces: ens32
  sources:
  services:
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

internal (active)
  interfaces: ens34
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

dmz (active)
  interfaces: ens35
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="192.168.88.11" forward-port port="35" protocol="tcp" to-port="2525" to-addr="192.168.69.20" accept

And if I enable masquerade on Internal, I can reach the whole internal network from the DMZ, but I don't want that.
Is it possible to have masquerade enabled only with port forwarding?
PS: Sorry for my English.
Thanks