The usual use of the DMZ is to allow access to a server to both internal users and external users.
The main use of the DMZ is to avoid that external users can access your internal servers.
So external users on Endian are on RED zone
Internal users are on GREEN zone
DMZ servers are on ORANGE zone.
You you need to achieve is:
A-Give access to external users to your DMZ server.
B-Give access to internal users to your DMZ server.
C-Avoid access from DMZ server to your internal subnet.
I'll use some fake IP addresses to the example:
-Green Zone: Internal users, subnet G.G.G.X
-Orange Zone: DMZ, subnet D.D.D.X. It has the webserver as D.D.D.20
-Red Zone: R.R.R.X
On Inter-zone firewall create 3 rules:
Rule 1: Source:Zone ORANGE Dest:Zone GREEN Action: DENY
Rule 2: Source:ANY Dest:Zone ORANGE Action: ALLOW WITH IPSThese rules will achieve the B & C goals.
To have external users accesing your server, you need to create a port forwarding rule:
Rule: Incoming IP: Uplink ANY Service: TCP/80 Translate to D.D.D.20
And there you go. This will allow you to connect to your server via
http://D.D.D.20, from internet.
As an additional step, if you have a domain name you should edit your domain name DNS to point
www.mywebpage.com to D.D.D.20.
It's similar with a dynamic IP and dynDNS.
Author