DMZ -> NAT Portforward -> LAN does not work !?
-
Hi,
i have the following problem doing a port forward.i have two pfsense boxes. I have attached a drawing to show how these two are conected.
on the first one runs OpenVPN Server.The second one does the PPPoE Connection and has an additional DMZ.
My port forward from WAN to the OpenVPN Server works.
The same port forwarding rule from DMZ to this OpenVPN Server does NOT work.WAN rules:
pass TCP/UDP * * 10.1.0.1 1194 (OpenVPN) *DMZ rules:
pass TCP/UDP * * 10.1.0.1 1194 (OpenVPN) * NAT DMZ OpenVPN
block TCP * * LAN net * * Block DMZ -> LAN
pass * DMZ net * ! LAN net * * Pass DMZ -> InternetCan anyone help my what is wrong? Thanks! Carsten
-
You dont need a portforward from the DMZ to the LAN.
Just a firewall rule allowing traffic. -
Ah ok.
So am i right with the following?1. delete the Portforwarding rule
2. Make a Rule on the DMZ Interface allowing OpenWPN to LAN
3. Change the OpenVPN Clientconfig to connect directly to 10.1.0.1 instead of 192.168.101.254Do i have to make a static route from DMZ to LAN?
Regards
Carsten -
yes, yes, yes, no.
-
Ok.
I will try that out.
Thank you very much for your help!Carsten
-
Hi,
i tried it and made the correct rules.
But then the OpenVPN Client told me it drops the OpenVPN Pakets because they are from 192.168.101.254 instead of 10.1.0.1
So it seems that trafic between LAN and DMZ is NATed. Is this correct?Is ther e way to get this NAT disabled?
Thanks!
-
Usually traffic is not NATed to an OPT (which your DMZ is), unless you specified a gateway on the config page.
To disable NAT, you have to enable AoN (Firewall –> Nat --> outbound).
Enable AoN and create/delete rules accordingly to how you want traffic NATed. -
Hi,
the OPT/DMZ Interface has no Gateway defined.
I even tried to enable AoN and configured the NAT.This did not help either. I then reverted the changes but i still cant connect.
:-/Should i reboot my pfSenses?
Thanks!
Carsten -
Couldn't hurt.
