Outbound from servers not working
-
Hi All,
I am looking to see what I need to setup properly to allow certain traffic from the servers to the internet
Here is what I have:
pfsense 2.6 in a stand alone box using three nics
WAN LAN DMZ Bridge0 (WAN DMZ)
I have the following ports open in the Firewall / Rules
WAN
pass ICMP echoreq
pass tcp/udp 53 (DNS)
web_ports tcp 80,81,443, 8080
mail_ports tcp/udp 25,110, 143, 465, 587, 993, 995
admin ports tcp 22, 23, 123, 444I can ssh into a server and see the webpages no problem. However when in the server I cannot ping out.
bhorne@nexus:~ $ ping yahoo.com ping: cannot resolve yahoo.com: Host name lookup failureAlso tried testing with sendmail and it failed also.
All servers are attached to DMZ port which is bridged with WAN
So I think my question is how do I allow outbound traffic such as ping, ntp, smtp, dns out to the internet?
Thanks in advance
-
@understudy
The outbound traffic is allowed by firewall rules. Did you add some?Why are DMZ and WAN bridged?
This means the servers in the DMZ have IPs in the WAN address space and can communicate directly to the WAN gateway.Btw, why do you allow DNS on WAN?
-
All excellent questions. I will do my best to answer them.
The rules I added are the ones shown above in my original post here.The WAN and DMZ are bridged because I have multiple public IPs behind the DMZ
And yes the subnet and range for the those IPs are part of the the IP attached to the WAN. If you need more detail on that you can read that here.https://forum.netgate.com/topic/175317/pfsense-wan-dmz-apache-vhosts-public-ips
DNS is allowed because I have webservers with domain names.
I can ping out from the LAN interface but not from the Servers behind the DMZ.
-
@understudy
You need rules on the DMZ to allow outbound traffic. -
@viragomann
Thank you for your response. My apologies for getting back late. I placed rules on the DMZ port and that has appeared to fix most of the issues. So thank you very much for that.
