DMZ – how do I setup incoming/outgoing for VLANs?

sierradump

My DMZ interface on pfSense is 10.0.0.1.

I have several machines that need to go in/out of this interface but they are across different subnets/VLANs…

Server 1: 10.0.0.50 (VLAN1)
Server2:  10.0.1.50 (VLAN2)
Server3:  10.0.2.50 (VLAN3)

Where do I start?  I am new to pfSense and could use some help setting this up!

Thanks!

GruensFroeschli

Interface –> Assign --> VLANs
Create the needed VLANs on the physical interfaces.

After you created the VLANs you can assign them under
Interface --> Assign
and the VLANs will appear as a new interface.

Please dont mix VLAN traffic and untagged traffic on the same physical interface.

BAD example
interfaces: vr0
LAN: vr0
OPT1 vlan10 on vr0
OPT2 vlan20 on vr0
OPT3 vlan30 on vr0

good example
interfaces: vr0, vr1
LAN: vr0
OPT1 vlan10 on vr1
OPT2 vlan20 on vr1
OPT3 vlan30 on vr1

Perry

Just to sum it up. You will then have 3 DMZ nic's on pfsense.
Some wink guides to watch.
http://www.myupload.dk/showfile/1008841bddf.zip
http://www.myupload.dk/showfile/1008831bddf.zip
http://www.myupload.dk/showfile/10039053e2b.zip

sierradump

Wow! Thanks for the quick response!

Maybe I am thinking about this the wrong way?

I have some VMWare VMs that I am trying to keep separated (not able to see each other).

I figured VLAN was a good way to do this…

I setup my first VM with an IP address of 10.0.1.1.  It is currently attached to the DMZ interface on the pfSense box through a switch.  But I can't get it out to the internet...

When I try to ping 10.0.0.1 (DMZ interface IP) it says "network not found"?

Is there a better/easier way to accomplish what I want to do?

Perry

Might help http://www.vmware.com/pdf/esx3_vlan_wp.pdf

sierradump

HEY THANKS FOR THE INFO!

So my DMZ IP address is 10.0.0.1. 
My VLAN 100 is subnet 10.0.1.x

When I setup some Linux Servers on VLAN 100, can  I use 10.0.0.1 as the default gateway?  Can I also use 10.0.0.1 as the DNS server address?

I wonder if you could help me with 1 more thing… I am used to setting up 1:1 NATs on a commercial firewall (cough sonicwall cough) ...

I wonder how I do 1:1 NAT with pfSense... I gave it a whirl and it didn't work quite right?

Basically I just need to forward a public IP straight to the DMZ private IP (on the VLANS you helped me setiup above)....

I have a block of 8 public IPs coming in my WAN port so I think I need to setup what pfSense refers to as a "virtual IP" for each of my public IPs  (that is not the WAN IP address)?

How is the best way to forward ALL traffic from a PUBLIC IP straight to the DMZ private IP? (each server is hardend with it's own built in firewall)...

Thanks again for the help!