I hope you can help me because this is starting to be mind-blowing for me.
I have something like this as an IT architecture:
Inner Server ---> Inner Firewall ---> Inner Loadbalancer ---> INTERNET ---> Farside LoadBalancer ---> Farside Firewall ---> Farside Server
Now between the Inner server and the Farside server I have a good connection if I add masquerade for the external network card/zone on my Inner Firewall that leads to the loadbalancer. However, I wish to deny basically any incoming connection from the internet towards my inner architecture. Therefore I'm going to add a rich rule to the loadbalancer to drop anything that isn't coming from a specific MAC address or IP range. This is OK.
However, I've come across an issue. The dev team created a console command that needs to run every minute on the inner server and that basically fetches information from the farside server. If I'm removing the masquerade from the inner firewall's external zone/NIC, then the command fails since the server has no route to the domain hosted on the farside server. The exact error looks like this:
In CurlFactory.php line 185: cURL error 7: Failed connect to uploads.mydomain.com:443; No route to host (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
I hope this is challenging for you guys as well and not just me being a noob (again).
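As an added example (not from the poster or anyone else in this thread), the script below audits a firewalld zone definition for the two properties the post is juggling: masquerade, which is outbound source NAT for the inner server's private address, and inbound restriction, which comes from the zone target and rich rules rather than from masquerade. It compares a constructed "masquerade removed" zone with a constructed hardened one that keeps masquerade, sets the zone target to DROP and accepts only from a placeholder range, and it emits the equivalent firewall-cmd commands. The zone name, interface name eth1 and the 203.0.113.0/24 range are assumptions chosen for illustration, not values from the poster's setup.

```python
"""Audit a firewalld zone file: is outbound NAT (masquerade) kept, and is
inbound limited to known sources?  Added example with constructed zone XML;
nothing here is taken from the poster's firewall."""
import xml.etree.ElementTree as ET

# Constructed: external zone with masquerade removed.  Outbound from the
# inner server's private address is no longer source-NATed, yet ssh is still
# open to any source because it is a zone-level service.
BROKEN_ZONE = """<zone>
  <short>external</short>
  <interface name="eth1"/>
  <service name="ssh"/>
</zone>"""

# Constructed: masquerade kept for outbound, zone target DROP for everything
# unmatched, and a rich rule accepting https only from a placeholder range.
HARDENED_ZONE = """<zone target="DROP">
  <short>external</short>
  <interface name="eth1"/>
  <masquerade/>
  <rule family="ipv4">
    <source address="203.0.113.0/24"/>
    <service name="https"/>
    <accept/>
  </rule>
</zone>"""


def audit_zone(xml_text):
    """Return the zone's NAT/inbound posture plus a list of findings."""
    root = ET.fromstring(xml_text)
    masquerade = root.find("masquerade") is not None
    target = root.get("target", "default")
    # Zone-level <service> entries accept from any source address.
    open_services = [s.get("name") for s in root.findall("service")]
    # Rich rules with an explicit source and an accept action.
    allowed_sources = []
    for rule in root.findall("rule"):
        src = rule.find("source")
        if rule.find("accept") is not None and src is not None and src.get("address"):
            allowed_sources.append(src.get("address"))

    findings = []
    if not masquerade:
        findings.append("masquerade off: outbound from private addresses is not source-NATed")
    if open_services:
        findings.append("services open to any source: " + ", ".join(open_services))
    if target != "DROP":
        findings.append(f"zone target is {target!r}, not DROP")
    return {
        "masquerade": masquerade,
        "target": target,
        "allowed_sources": allowed_sources,
        "open_services": open_services,
        "findings": findings,
    }


def firewall_cmd_lines(zone_name, xml_text):
    """Translate the audited zone into permanent firewall-cmd calls."""
    info = audit_zone(xml_text)
    base = f"firewall-cmd --permanent --zone={zone_name}"
    lines = [f"{base} --set-target={info['target']}"]
    if info["masquerade"]:
        lines.append(f"{base} --add-masquerade")
    for src in info["allowed_sources"]:
        rule = f'rule family="ipv4" source address="{src}" service name="https" accept'
        lines.append(f"{base} --add-rich-rule='{rule}'")
    lines.append("firewall-cmd --reload")
    return lines


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("hardened", HARDENED_ZONE)):
        report = audit_zone(zone)
        print(label, report["findings"] or "no findings")
    print("\n".join(firewall_cmd_lines("external", HARDENED_ZONE)))
```

The hardened zone passes with no findings: masquerade stays on so the inner server's every-minute fetch still goes out, while the DROP target plus the source-scoped rich rule is what actually refuses unsolicited inbound traffic.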