Netgate Discussion Forum

    DMZ woes

    NAT
    2 Posts 1 Posters 1.7k Views
      jan.gestre

      Hi guys,

      I have a DMZ which hosts an FTP and a mail server, and I also have a public IP block, 124.xxx.xx.xx/29. Since I have enough public IPs, I thought 1:1 NAT would be alright, so first I created the virtual IPs 124.xxx.xx.01 and 124.xxx.xx.02 to map to the internal DMZ servers 192.168.5.2 and 192.168.5.3 respectively. I then checked via whatismyip.com whether they were mapping to the correct IPs, and they were. Then I went to the port forwarding page to forward the necessary ports (FTP, SMTP, HTTP, POP3, IMAP) and checked "auto-create firewall rules". I was then able to connect to FTP and SMTP locally; then I connected to one of the available public IPs to see if I could reach the servers with the rules I had created, and I could.

      I thought that was it, but when I went to our other office to check whether it was really working, to my dismay it wasn't. I can access the pfSense GUI but not the FTP nor the mail interface. I can't figure out what's wrong with my rules, because I've read the m0n0wall docs and http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F over and over. I did this before, about a year ago, so I'm rusty right now, and I have these questions in mind:

      1. Will the 1:1 NAT be enough?
      2. Do I need to create additional rules after creating the virtual IPs and mapping the 1:1 NAT?
      3. Do I really need port forwarding in this scenario?
      4. Did the port forwarding I did mess up the 1:1 NAT?
      5. If I don't put in the rule permitting DMZ to any except LAN, I can't communicate with the DMZ, nor can the DMZ hosts communicate outside, e.g. ping google.com. Does locking down the DMZ really work?

      TIA

      Jan
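
      As an added illustration, not part of the original post or of pfSense's own generated ruleset, here is the setup described above written as a pf ruleset in pf.conf syntax. pfSense builds its firewall on pf and generates equivalent rules from the GUI pages (1:1 NAT, port forwarding, firewall rules), though the exact text it emits differs by version. The interface names, the RFC 5737 documentation addresses 203.0.113.0/29 standing in for the masked 124.xxx.xx.xx/29 block, the LAN subnet, and which ports belong to which server are all assumptions made for the example.

```pf
# Assumed interface names and addresses (not from the original post).
wan_if   = "em0"
lan_if   = "em1"
dmz_if   = "em2"
lan_net  = "192.168.1.0/24"     # assumed LAN subnet
dmz_net  = "192.168.5.0/24"
ftp_srv  = "192.168.5.2"
mail_srv = "192.168.5.3"
ftp_pub  = "203.0.113.2"        # stands in for the masked 124.xxx.xx.01
mail_pub = "203.0.113.3"        # stands in for the masked 124.xxx.xx.02

# --- Translation section: evaluated before filtering, first match wins ---

# 1:1 NAT. binat is bidirectional: it rewrites inbound connections to the
# public address AND outbound connections from the server. With these in
# place, separate rdr (port-forward) rules for the same hosts and ports are
# redundant; they would just match first and translate to the same target.
binat on $wan_if from $ftp_srv  to any -> $ftp_pub
binat on $wan_if from $mail_srv to any -> $mail_pub

# Everything else leaves through the WAN interface address.
nat on $wan_if from { $lan_net, $dmz_net } to any -> ($wan_if)

# --- Filter section ---
# Translation permits nothing by itself. Because pf translates inbound
# packets before filtering them, rules on the WAN interface must match the
# INTERNAL (post-NAT) destination address, not the public one.
block in all
pass out all keep state

pass in quick on $wan_if proto tcp from any to $ftp_srv port 21 \
    flags S/SA keep state
# Port 21 is only the FTP control channel; data connections need either
# passive mode with the server's passive port range opened here as well,
# or an FTP proxy/helper in front of the server.
pass in quick on $wan_if proto tcp from any to $mail_srv \
    port { 25, 80, 110, 143 } flags S/SA keep state

# Locked-down DMZ: may reach anything except the LAN. The block must come
# before the pass, and "quick" stops evaluation at the first match, so the
# DMZ still gets DNS, updates and outbound mail but cannot reach LAN hosts.
block in quick on $dmz_if from $dmz_net to $lan_net
pass  in quick on $dmz_if from $dmz_net to any keep state

# LAN may reach the DMZ servers, the Internet, and the firewall's own GUI.
pass in quick on $lan_if from $lan_net to any keep state
```

      Two checks worth doing after loading such a ruleset: confirm the translation and filter rules pf actually holds with `pfctl -s nat` and `pfctl -s rules` (on pfSense these are what the GUI generated, so a WAN rule whose destination shows the public address rather than the internal one is the usual reason "it works from here but not from outside"), and test each service from a host that is genuinely outside the /29, since connections from the LAN to the public address go through NAT reflection and exercise a different path.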

        jan.gestre

        Finally I was able to make 1:1 NAT work by following this thread -> http://forum.pfsense.org/index.php/topic,6965.0.html. Maybe I was stressed out yesterday and that's why I couldn't make it work, coupled with the rustiness of not having used pfSense for more than a year. ;D Now if only I can get the DNS to point correctly in order to receive mail; currently only outgoing mail is working.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.