Netgate Discussion Forum

    Help setting up DMZ

    Routing and Multi WAN
    3 Posts 2 Posters 2.1k Views
    • jmischel

      I'm having some trouble setting up a DMZ.  I searched the forums and got some good info, but what seems to be the key document (http://doc.m0n0.ch/handbook/examples.html) is not available.  There's a cached page at Google, but it's of little use without the images.

      My ISP has provided me with a single cable modem and five IP addresses.  Two of the IPs are used for other things (a WiFi router and a separate subnet unconnected to this pfSense configuration).  On this configuration, I have the following:

      WAN - xxx.yyy.zzz.34
      OPT1 - xxx.yyy.zzz.36
      OPT2 - xxx.yyy.zzz.38
      LAN - 192.168.1.1
      OPT3 - 192.168.1.3 (DMZ)

      I got the WAN/LAN thing working fine.

      What I want to do is route traffic from OPT1 and OPT2 to the DMZ.  I think I know how to do that, but first I need to get the DMZ interface connected.

      It almost works.  I first configured the DMZ interface for DHCP, connected a computer to it, and the machine was able to get an IP address.  This will eventually be a static IP address, but I'll use DHCP until I get things working.

      I created an outbound firewall rule on the DMZ interface that passes all traffic from DMZ -- basically the same rule as the default LAN firewall rule.  I realize that I'll have to lock that down, once I get things working.

      Thing is, it doesn't work.  At least, something isn't working.  From the computer hooked to the DMZ interface, I can't ping, I can't get to my DNS servers -- nothing.  Traffic graphs show that it's receiving packets from the DMZ interface, but then I don't know what happens to them.

      Did I forget an important step somewhere?  Do I have to create NAT rules beyond the automatically generated rules?

      I'm sure I'll have more questions once I get this basic thing working.  But for now, how do I get my second interface to talk to the outside world?

      Thanks in advance.

      Jim

      • hoba

        Create firewall rules at Firewall > Rules, DMZ tab, to allow traffic coming in on that interface.

        btw, I don't have issues accessing the m0n0 documentation including images. Everything's there.

        • jmischel

          Thanks for the reply.  I managed to get everything working, although it would have been easier had I been able to see that m0n0 document.  I don't know why I'm unable to view it from here.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.