Netgate Discussion Forum
DMZ network doesn't find internal network - VPN client doesn't reach DMZ servers

    Routing and Multi WAN

    alebeta

      Hello friends,

      I have the following:

      • OVH dedicated server

      • IP failover block /27

      • Running in a VM on Proxmox 4.x

      • WAN interface (using one IP from the /27 block) is in a bridge with the DMZ1 interface so that it is accessible

      • pfSense Version: 2.3.2-RELEASE-p1

      Interfaces:

      • WAN 178.x.x.65

      • DMZ1 178.x.x.64/27

      • DMZ2 10.x.x.x/24

      • LAN 192.x.x.x/24

      What happens is that sometimes the servers in DMZ1, which have public IP addresses, cannot reach the networks DMZ2 and LAN (both are internal networks); it is like they sometimes lose the route to these networks. When I configure the gateway on the servers I use the public IP of the pfSense firewall, and then they can access the other networks. The rest of the time it is possible to access all the resources without problem. The thing is that something really strange happens: sometimes I have this outage and the communication between DMZ1 and DMZ2 is broken, so the web servers cannot communicate with the DB servers.

      The other problem is from the OpenVPN interface: sometimes I can access all the resources in DMZ1, but sometimes I have a problem with one host that I cannot reach. Here is an example of the traceroute:

      1  gateway (10.0.1.1)  55.979 ms  55.984 ms  55.970 ms
      2  149.202.68.253 (149.202.68.253)  98.540 ms  98.564 ms  98.519 ms

      Here it is going somewhere beyond the pfSense firewall, into the OVH network.

      This is how the traceroute should look when it is working properly:

      1  gateway (10.0.1.1)  23.332 ms  65.114 ms  65.045 ms
      2  web01.example.com (178.x.x.76)  64.984 ms  64.945 ms  64.923 ms

      I want to know if there is a way, for both problems, to force the right route, or if this is a bug.

      Let me know if more details are necessary to be clearer.

      All the best, and thanks for the help, friends.

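The two traceroutes in the post, turned into a repeatable check. This is an added example and not part of the original post or of pfSense: a small POSIX shell script that parses traceroute output and reports whether the second hop lands inside the DMZ1 prefix (the host answered on the bridge, as in the good trace) or outside it (the packet followed the WAN default route into the provider network, as in the failing trace). The prefix 178.0.0.64/27, the host 178.0.0.76 and the sample trace text are constructed stand-ins for the masked addresses in the post; the VPN gateway 10.0.1.1 and the hop 149.202.68.253 are taken from the post as written.

```shell
#!/bin/sh
# Added example (not from the forum post). Classify a traceroute from the
# OpenVPN client: did the second hop stay inside DMZ1 or leak out of the WAN?

# Assumed values: the poster masked the public octets, so 178.0.0.64/27 is
# a constructed stand-in for the DMZ1 block; 10.0.1.1 is the VPN gateway
# shown in the post.
DMZ1_PREFIX=178.0.0.64/27
VPN_GW=10.0.1.1

# Constructed samples modelled on the two traceroutes in the post.
BAD_TRACE='1  gateway (10.0.1.1)  55.979 ms  55.984 ms  55.970 ms
2  149.202.68.253 (149.202.68.253)  98.540 ms  98.564 ms  98.519 ms'
GOOD_TRACE='1  gateway (10.0.1.1)  23.332 ms  65.114 ms  65.045 ms
2  web01.example.com (178.0.0.76)  64.984 ms  64.945 ms  64.923 ms'

# ip_to_int A.B.C.D  -> dotted quad as an unsigned integer
# (%.0f rather than %d so 32-bit awk implementations do not truncate)
ip_to_int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", ($1*16777216)+($2*65536)+($3*256)+$4 }'
}

# in_prefix IP NET/BITS -> exit 0 if IP lies inside NET/BITS, else 1
# Masking is done with integer division by 2^(32-bits), which portable awk can do.
in_prefix() {
    net=${2%/*}
    bits=${2#*/}
    awk -v ip="$(ip_to_int "$1")" -v net="$(ip_to_int "$net")" -v bits="$bits" 'BEGIN {
        block = 2 ^ (32 - bits)
        if (int(ip / block) == int(net / block)) exit 0
        exit 1
    }'
}

# hop_ip N : print the IPv4 address of hop N from traceroute text on stdin.
# Works for both "name (ip)" output and traceroute -n output; a "* * *" hop
# prints nothing.
hop_ip() {
    awk -v n="$1" '$1 == n {
        for (i = 2; i <= NF; i++) {
            f = $i
            gsub(/[()]/, "", f)
            if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print f; exit }
        }
    }'
}

# classify_trace : reads traceroute text on stdin and prints one word:
#   ok                  hop 2 is inside DMZ1 (delivered on the bridge)
#   leaked              hop 2 is outside DMZ1 (forwarded via the WAN default route)
#   nohop               hop 2 is silent or missing (host or path not answering)
#   unexpected-gateway  hop 1 is not the VPN gateway, so the client is not
#                       even sending the traffic through the tunnel
classify_trace() {
    trace=$(cat)
    h1=$(printf '%s\n' "$trace" | hop_ip 1)
    h2=$(printf '%s\n' "$trace" | hop_ip 2)
    [ "$h1" = "$VPN_GW" ] || { echo unexpected-gateway; return 0; }
    [ -n "$h2" ] || { echo nohop; return 0; }
    if in_prefix "$h2" "$DMZ1_PREFIX"; then
        echo ok
    else
        echo leaked
    fi
}

# check_host DMZ1_HOST : live use from the VPN client (not exercised here).
# Three hops are enough to see the decision pfSense made.
check_host() {
    traceroute -n -m 3 "$1" | classify_trace
}
```

Running `check_host 178.x.x.76` in a loop from the VPN client and logging the result with a timestamp gives a record of exactly when the answer flips from `ok` to `leaked`. A `leaked` result means the firewall forwarded the packet to its WAN gateway rather than onto the DMZ1 bridge, which is consistent with the poster's description of the connected route to the /27 going missing; the timestamps can then be compared with the bridge and route state on pfSense at the same moment.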
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.