Help setting up DMZ
-
I'm having some trouble setting up a DMZ. I searched the forums and got some good info, but what seems to be the key document (http://doc.m0n0.ch/handbook/examples.html) is not available. There's a cached page at Google, but it's of little use without the images.
My ISP has provided me with a single cable modem and five IP addresses. Two of the IPs are used for other things (a WiFi router and a separate subnet unconnected to this pfSense configuration). On this configuration, I have the following:
WAN - xxx.yyy.zzz.34
OPT1 - xxx.yyy.zzz.36
OPT2 - xxx.yyy.zzz.38
LAN - 192.168.1.1
OPT3 - 192.168.1.3 (DMZ)
I got the WAN/LAN thing working fine.
What I want to do is route traffic from OPT1 and OPT2 to the DMZ. I think I know how to do that, but first I need to get the DMZ interface connected.
It almost works. I first configured the DMZ interface for DHCP, connected a computer to it, and the machine was able to get an IP address. This will eventually be a static IP address, but I'll use DHCP until I get things working.
I created an outbound firewall rule on the DMZ interface that passes all traffic from DMZ -- basically the same rule as the default LAN firewall rule. I realize that I'll have to lock that down, once I get things working.
Thing is, it doesn't work. At least, something isn't working. From the computer hooked to the DMZ interface, I can't ping, I can't get to my DNS servers -- nothing. Traffic graphs show that it's receiving packets from the DMZ interface, but then I don't know what happens to them.
Did I forget an important step somewhere? Do I have to create NAT rules beyond the automatically generated rules?
I'm sure I'll have more questions once I get this basic thing working. But for now, how do I get my second interface to talk to the outside world?
Thanks in advance.
Jim
-
Create firewall rules at Firewall > Rules, DMZ tab, to allow traffic coming in on that interface.
btw, I don't have issues accessing the m0n0 documentation including images. Everything's there.
-
Thanks for the reply. I managed to get everything working, although it would have been easier had I been able to see that m0n0 document. I don't know why I'm unable to view it from here.