Netgate Discussion Forum

    New install - DMZ not seeing out

      yeboabe

      Hi, I am new to pfSense and just did my first install - all seems fine as I can see the outside from my LAN and can not see anything to the inside!

      But from my DMZ I can ping the default gateway (OPT1 IP on the wall) and I can ping the WAN IP on the wall but nothing on the other side of that..!?!?!? Any ideas please!!

      Have a rule set up the same as for my LAN, any to any!

      Then once I have this set up, what would be the best way to set up my web servers in the DMZ??

      Thanks
        Abe

        GruensFroeschli

        You need to create an advanced outbound NAT entry for your DMZ if you want to NAT it out.

        If you have multiple IPs on WAN, create a VIP for each.
        Forward the ports you need to your servers and, if necessary, have the VIP as "source".

        Also, since you created a DMZ, I assume you want to restrict access from it to the LAN.
        Create a rule that allows access to the internet and a rule that denies access from the DMZ to your LAN.
        See my sig on how.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
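
The rule pair described in the post above (deny DMZ to LAN, then allow DMZ out), as an added example that is not part of the original thread: a small first-match evaluator, mirroring how pfSense applies interface rules top-down, run against constructed addresses. The subnets 192.168.1.0/24 (LAN) and 192.168.2.0/24 (DMZ) and all names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not taken from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    log: bool = False                # the per-rule "Log" flag

def evaluate(rules, src, dst):
    """First matching rule wins, top-down; no match falls to default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, r in enumerate(rules):
        if s in r.src and d in r.dst:
            return r.action, idx, r.log
    return "block", None, False

# DMZ interface rules copied from the LAN: any to any.
ANY_ANY = [Rule("pass", ANY, ANY)]

# Deny DMZ -> LAN first (logged), then allow DMZ out.
SEGMENTED = [
    Rule("block", DMZ, LAN, log=True),
    Rule("pass", DMZ, ANY),
]

# Same two rules in the wrong order: the pass shadows the block.
SHADOWED = list(reversed(SEGMENTED))

def shadowed_rules(rules):
    """Indexes of rules that never match because one earlier rule fully covers them."""
    return [i for i, r in enumerate(rules)
            if any(r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst)
                   for e in rules[:i])]

if __name__ == "__main__":
    for name, rs in (("any-any", ANY_ANY), ("segmented", SEGMENTED),
                     ("shadowed", SHADOWED)):
        print(name, evaluate(rs, "192.168.2.10", "192.168.1.5"),
              evaluate(rs, "192.168.2.10", "198.51.100.7"), shadowed_rules(rs))
```

With the any-to-any rule a DMZ host reaches the LAN; the block rule only takes effect when it sits above the pass rule.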

          yeboabe

          Thanks, that seemed to do the trick.

          I added outbound NAT rules
          Created VIPs for the servers in the DMZ
          Added forwarding rules for the ports
          One server works 100%; the other I am having some issues with, but am sure it should be sorted!

          Thanks guys!!

            GruensFroeschli

            You might want to enable NAT reflection

            advanced –> deactivate "disable NAT reflection".

              yeboabe

              Thanks Gruens Froeschli, you have been a great help - that did the trick for the two web pages that kept on timing out all the time!!

              Thanks, all seems fine now!

              How can I get the firewall log reflecting all traffic it scans?

              Cheers
                Abe

                GruensFroeschli

                Do you mean you want traffic which is allowed logged?
                Just enable the flag "Log" in the config of the rule.

                You might want to have a syslog server running to which the logs are sent, since the local space (RAM) can be used up pretty fast.

                  yeboabe

                  Cool, thanks

                  Issue closed!
