DMZ default blocked problem
-
I have a pfSense 1.0.1 with 4 NICs:
LAN* -> xl0 -> 10.0.0.1
WAN* -> xl1 -> 2xx.xx.x.x(DHCP) ( not a private ip)
OPT1(DMZ)* -> xl2 -> 10.1.0.1
OPT2(DMZ2) -> xl3 -> 10.2.0.1
I can ping the DMZ from the LAN, but not from the DMZ to the LAN (or anywhere else).
I tried to add a rule that allows "all traffic" in the DMZ (same as the default rule in LAN):
"tcp DMZ net * * * * " and
"icmp * * 10.1.0.1 * * "
I also tried to "unblock" private networks in "interfaces/wan" but it didn't help.
Any pointers? -
There is no reason why this should not work. I have a similar setup and I am experiencing no problems. Try updating to the latest snapshot at http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/
The unblock private networks only applies to the WAN interface, and would not affect you being able to ping from your DMZ to LAN segment.
-
"tcp DMZ net * * * * " and
"icmp * * 10.1.0.1 * * "
If you only use protocol TCP, pings won't work as they are ICMP ;)
Default LAN rule uses any as protocol. -
Hi, TNX. I changed the default rule to " * DMZ net * * * * " which by my understanding should allow anything in the DMZ net (not what I wanted, but a start ;-) ), so I can now ping the FW (10.1.0.1), but it now seems like the ping is picked up by the ICMP rule ( ICMP * * 10.1.0.1 * * ) even if the ICMP rule is located after the "allow all ( * DMZ net * * * * )" rule?
But the DNS request is still blocked in the FW (ping google.com ... cannot resolve: host name lookup failure) and it's showing up in the log as blocked by @373 bloc drop in log quick all label " Default block all just to bee shure. " -
Do you use the DNS-Forwarder or an external DNS-Server? It now really should work. Maybe try upgrading to a recent snapshot though I don't think that there is a problem with this config and 1.0.1 release.
-
I use DNS forward. I also tried to upgrade to pfSense-Full-Update-1.0.1-SNAPSHOT-02-18-2007.tgz, which resulted in total lockdown; I had to reinstall the old 1.0.1 ;-)
-
You must have some invalid configuration. Never seen something like this before. Try restarting from scratch and recreate your config step by step and test in between the steps.
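Added example (not from this thread or from pfSense itself): a small Python model of how the DMZ rules quoted above are evaluated, assuming pfSense's per-interface rules are first-match (pf "quick") and that unmatched traffic falls through to the "Default block all" rule seen in the log. The /24 mask on the DMZ net and the 10.1.0.50 sample host are assumptions; the thread only gives the interface address 10.1.0.1.

```python
import ipaddress

# Constructed model (not pfSense code): per-interface rules evaluated top-down,
# first match wins (assumed: pfSense emits interface rules with pf's "quick"),
# and anything unmatched hits the final "block drop in log quick all" rule.

DMZ_NET = ipaddress.ip_network("10.1.0.0/24")   # assumed mask; thread only gives 10.1.0.1
FW_DMZ = ipaddress.ip_network("10.1.0.1/32")
ANY = "*"

def rule(iface, proto, src, dst, dport=ANY, action="pass", label=""):
    """One row of a pfSense 1.x interface tab: proto, source, destination, dest port."""
    return dict(iface=iface, proto=proto, src=src, dst=dst, dport=dport,
                action=action, label=label)

def _addr_match(addr, net):
    return net == ANY or ipaddress.ip_address(addr) in net

def evaluate(rules, pkt):
    """Return (action, label) of the first matching rule for pkt entering pkt['iface']."""
    for r in rules:
        if r["iface"] != pkt["iface"] or r["proto"] not in (ANY, pkt["proto"]):
            continue
        if not _addr_match(pkt["src"], r["src"]) or not _addr_match(pkt["dst"], r["dst"]):
            continue
        if r["dport"] != ANY and r["dport"] != pkt.get("dport"):
            continue
        return r["action"], r["label"]
    return "block", "Default block all just to be sure."   # label quoted from the thread's log

ICMP_TO_FW = rule("DMZ", "icmp", ANY, FW_DMZ, label="icmp * * 10.1.0.1 * *")
# The two rule sets the poster tried: TCP-only allow, then protocol "any" allow.
TCP_ONLY = [rule("DMZ", "tcp", DMZ_NET, ANY, label="tcp DMZ net * * * *"), ICMP_TO_FW]
ALLOW_ANY = [rule("DMZ", ANY, DMZ_NET, ANY, label="* DMZ net * * * *"), ICMP_TO_FW]

# Constructed sample traffic from an assumed DMZ host 10.1.0.50
PING_LAN = dict(iface="DMZ", proto="icmp", src="10.1.0.50", dst="10.0.0.5")
PING_FW = dict(iface="DMZ", proto="icmp", src="10.1.0.50", dst="10.1.0.1")
DNS_FWD = dict(iface="DMZ", proto="udp", src="10.1.0.50", dst="10.1.0.1", dport=53)

if __name__ == "__main__":
    for name, rs in (("tcp-only", TCP_ONLY), ("allow-any", ALLOW_ANY)):
        for pkt in (PING_LAN, PING_FW, DNS_FWD):
            print(name, pkt["proto"], pkt["dst"], "->", evaluate(rs, pkt))
```

With the TCP-only set, ICMP to the LAN and UDP DNS to the forwarder both fall through to the default block; with the "any" rule on top, the ICMP rule below it is never the matching rule, because the first match already passed the packet.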