DNS problem

PetrKRUP Posts: 1
edited April 2021 in Security
Hello,

I have a USG20-VPN, one public IP and some internal Windows virtual servers. One is a web server and the second is an Exchange server. I have a DC01 controller with a DNS server. In the internal network I have no problem. www.example.com (IP x.x.x.163) and exchange.example.com (x.x.x.170) work perfectly. So the internal DNS server works.

To access the web server from the internet I can set a NAT rule and forward ports 80 and 443. But the Exchange server uses the same port 443, and here is the problem. I tried to put the servers in the DMZ and set an A name and CNAME in the Zyxel, but still, when I turn off NAT, then nothing works.

Please help.

Many Thanks
Petr

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee

    Hi @PetrKRUP  

    Currently the NAT port forwarding function can forward traffic from the WAN side to the LAN side.

    But because your web server and Exchange are using the same external port (443), it is unable to forward traffic to different servers at the same time.

    There are 2 ways to resolve this situation:

    (1) Use a different external port when accessing your server.

    e.g. XXX.YYY.ZZZ.AAA:444 -> mail-server:443


    (2) Ask your ISP for an additional public IP address and set different IP addresses for your servers.

    e.g. XXX.YYY.ZZZ.AAA:443 -> HTTP-server:443

    XXX.YYY.ZZZ.BBB: 443 -> mail-server:443
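
The constraint described in the reply above, as an added example (not part of the original thread and not Zyxel code): a small Python model of a port-forward table that flags an external IP:port claimed by two internal servers and checks both suggested fixes. The rule names, the 203.0.113.x documentation addresses and the first-match lookup are assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Forward(NamedTuple):
    name: str       # hypothetical rule label
    ext_ip: str     # public address on the WAN side
    ext_port: int
    proto: str
    int_host: str   # internal server behind the firewall
    int_port: int


def find_conflicts(rules):
    """Map each external (ip, port, proto) claimed by more than one
    internal destination to the names of the colliding rules."""
    by_socket = defaultdict(list)
    for r in rules:
        by_socket[(r.ext_ip, r.ext_port, r.proto)].append(r)
    return {
        key: [r.name for r in group]
        for key, group in by_socket.items()
        if len({(r.int_host, r.int_port) for r in group}) > 1
    }


def lookup(rules, ext_ip, ext_port, proto="tcp"):
    """First-match lookup (assumed model): only one rule can win per socket."""
    for r in rules:
        if (r.ext_ip, r.ext_port, r.proto) == (ext_ip, ext_port, proto):
            return (r.int_host, r.int_port)
    return None


# Constructed sample tables; 203.0.113.0/24 is a documentation range.
WEB = Forward("web", "203.0.113.10", 443, "tcp", "HTTP-server", 443)
ORIGINAL = [WEB, Forward("mail", "203.0.113.10", 443, "tcp", "mail-server", 443)]
OPTION_1 = [WEB, Forward("mail", "203.0.113.10", 444, "tcp", "mail-server", 443)]
OPTION_2 = [WEB, Forward("mail", "203.0.113.11", 443, "tcp", "mail-server", 443)]

if __name__ == "__main__":
    for label, table in [("original", ORIGINAL), ("option 1", OPTION_1),
                         ("option 2", OPTION_2)]:
        print(label, "conflicts:", find_conflicts(table))
    # In the original table the mail rule is shadowed by the web rule.
    print("original 443 ->", lookup(ORIGINAL, "203.0.113.10", 443))
```

With option 1 the mail server is reachable only on port 444 of the public address, so any external name that points clients at Exchange has to be used with that port.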

