we've looked around in the mailing list, but didn't find any solution for our problem:
our system has three interfaces:
WAN (public IP - 212.x.x.113)
LAN (local IP - 188.8.131.52)
DMZ (public IP - 212.x.x.123)
the DMZ subnet has the web and email server with IP 212.x.x.123.
for testing reasons we created rules for all three interfaces which allow "everything",
meaning for any protocol, any source and any destination, packets
from "inside" everything seems fine:
LAN can access both WAN and DMZ, including web and email.
DMZ can access WAN and LAN, i.e. web
but from "outside" there is something wrong:
BUT WAN can't access DMZ!
We can ping DMZ though from WAN, but HTTP does not work.
a port scan shows that all ports of the web server are closed.
what are we doing wrong? Do we have to activate NAT? We didn't think so,
as we are using a public IP for the DMZ.
it seems that we are missing some basic understanding
any help is appreciated :-)