Netgate Discussion Forum

    Outbound from servers not working

    Firewalling
    • Understudy

      Hi All,

      I am looking to see what I need to set up properly to allow certain traffic from the servers to the internet.

      Here is what I have:
      pfSense 2.6 in a stand-alone box using three NICs
      WAN LAN DMZ Bridge0 (WAN DMZ)
      I have the following ports open in the Firewall / Rules
      WAN
      pass ICMP echoreq
      pass tcp/udp 53 (DNS)
      web_ports tcp 80,81,443, 8080
      mail_ports tcp/udp 25,110, 143, 465, 587, 993, 995
      admin ports tcp 22, 23, 123, 444

      I can SSH into a server and see the web pages no problem. However, when on the server I cannot ping out.

      bhorne@nexus:~ $ ping yahoo.com
      ping: cannot resolve yahoo.com: Host name lookup failure
      

      Also tried testing with sendmail and it failed also.

      All servers are attached to the DMZ port, which is bridged with WAN.

      So I think my question is how do I allow outbound traffic such as ping, ntp, smtp, dns out to the internet?

      Thanks in advance

      • viragomann @Understudy

        @understudy
        The outbound traffic is allowed by firewall rules. Did you add some?

        Why are DMZ and WAN bridged?
        This means the servers in the DMZ have IPs in the WAN address space and can communicate directly to the WAN gateway.

        Btw, why do you allow DNS on WAN?

        • Understudy @viragomann

          @viragomann

          All excellent questions. I will do my best to answer them.
          The rules I added are the ones shown above in my original post here.

          The WAN and DMZ are bridged because I have multiple public IPs behind the DMZ.
          And yes, the subnet and range for those IPs are part of the IP attached to the WAN. If you need more detail on that you can read it here.

          https://forum.netgate.com/topic/175317/pfsense-wan-dmz-apache-vhosts-public-ips

          DNS is allowed because I have webservers with domain names.

          I can ping out from the LAN interface but not from the Servers behind the DMZ.

          • viragomann @Understudy

            @understudy
            You need rules on the DMZ to allow outbound traffic.

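To make the point concrete, here is an added example (not from the thread, and not the poster's actual configuration) of what the rule set looks like once the DMZ tab has its own outbound rules. It is written as the pf ruleset that the pfSense GUI generates behind the scenes; on pfSense you would add the DMZ lines under Firewall > Rules > DMZ rather than edit pf.conf. The interface names em0/em1/em2, the DMZ subnet 203.0.113.0/28 and the exact list of outbound services are assumptions. The important detail is the interface each rule is attached to: a pfSense rule matches packets entering the firewall on that interface, so the WAN rules from the original post only admit traffic from the internet toward the servers and never match a packet a server sends out through the DMZ port.

```pf
# Added example, not the thread author's configuration. Interface names,
# the DMZ subnet and the outbound service list are assumptions.
wan_if  = "em0"
lan_if  = "em1"
dmz_if  = "em2"                 # bridge0 member together with $wan_if
dmz_net = "203.0.113.0/28"      # public IPs of the DMZ servers (assumed)

web_ports   = "{ 80, 81, 443, 8080 }"
mail_ports  = "{ 25, 110, 143, 465, 587, 993, 995 }"
admin_ports = "{ 22, 23, 123, 444 }"

# Default deny on every interface (pfSense adds this for you).
block in log all

# ---- WAN tab: what the original post already had. These match packets
# ENTERING the firewall on the WAN interface, i.e. internet -> servers.
# Note that the 53 rule lets anyone on the internet reach a DNS listener
# on the servers; it does nothing for the servers' own lookups.
pass in quick on $wan_if inet proto icmp icmp-type echoreq
pass in quick on $wan_if inet proto { tcp udp } to $dmz_net port 53
pass in quick on $wan_if inet proto tcp to $dmz_net port $web_ports
pass in quick on $wan_if inet proto { tcp udp } to $dmz_net port $mail_ports
pass in quick on $wan_if inet proto tcp to $dmz_net port $admin_ports

# ---- DMZ tab: what was missing. A packet a server sends toward the
# internet enters the firewall on the DMZ port, so the rule must live on
# the DMZ interface. "from $dmz_net" stops a compromised or misconfigured
# host from sourcing traffic from addresses it does not own.
pass in quick on $dmz_if inet proto icmp from $dmz_net icmp-type echoreq
pass in quick on $dmz_if inet proto { tcp udp } from $dmz_net to any port 53   # DNS lookups
pass in quick on $dmz_if inet proto udp from $dmz_net to any port 123          # NTP
pass in quick on $dmz_if inet proto tcp from $dmz_net to any port 25           # outbound SMTP
pass in quick on $dmz_if inet proto tcp from $dmz_net to any port { 80 443 }   # package updates, ACME, etc.
# Anything else the servers try to send, including DMZ -> LAN, falls
# through to the default block above. Return traffic for the passes is
# handled by pf's state table, so no matching rule is needed on WAN.
```

Two caveats for the bridged setup in this thread. First, pfSense filters on the bridge member interfaces by default (System Tunables net.link.bridge.pfil_member=1, net.link.bridge.pfil_bridge=0), which is why rules on the DMZ tab take effect; if those tunables have been flipped, the rules have to go on the bridge0 interface tab instead. Second, because the DMZ hosts sit in WAN address space with no NAT, the DMZ rules are the only thing standing between a compromised server and the rest of the internet, so keep the outbound list to the services the servers actually need rather than "allow any".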
            • Understudy @viragomann

              @viragomann
              Thank you for your response. My apologies for getting back late. I placed rules on the DMZ port and that appears to have fixed most of the issues. So thank you very much for that.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.