Web server back-flow rules in DMZ
-
I have a 1:1 NAT setup with a web server in the DMZ. I have set up the WAN rules to allow 80/443 to the web server in the DMZ. The web site is only visible from the outside when I have a rule on the DMZ interface allowing the web server traffic out, as if pfSense is not making a stateful connection in both directions. Any ideas? I added a rule for the web server to communicate to ANY with ports 1024-65000 as a temporary fix. But this then opens unwanted holes into the LAN side as well.
-
Use the DNS forwarder for the domain.
-
It is enabled, but there is no domain yet as it is a test server at the moment. How will the DNS forwarder help the situation?
-
For the destination on your DMZ interface rule, tick the 'not' box and select LAN subnet.
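
An added example, not part of the thread and not pfSense code: a small Python model of the DMZ interface rule set that compares the temporary "web server to ANY, ports 1024-65000" rule with the same rule using a negated LAN subnet destination. The addresses, the `Rule` class and `dmz_allows` are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for illustration; none of them appear in the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_address("192.168.2.10")
HIGH_PORTS = range(1024, 65001)  # 1024-65000 inclusive, as in the temporary fix


@dataclass
class Rule:
    """One pass rule on the DMZ interface (hypothetical model)."""
    src: ipaddress.IPv4Address
    dst_net: ipaddress.IPv4Network
    dst_not: bool  # True models ticking the 'not' box on the destination
    ports: range

    def matches(self, src, dst, dport):
        in_net = dst in self.dst_net
        dst_ok = (not in_net) if self.dst_not else in_net
        return src == self.src and dst_ok and dport in self.ports


def dmz_allows(rules, src, dst, dport):
    """Every rule here is a pass rule, so any match passes the packet;
    a packet that matches nothing falls through to the default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(r.matches(src, dst, dport) for r in rules)


# Temporary fix from the first post: web server -> ANY, ports 1024-65000.
temporary_fix = [Rule(WEB_SERVER, ANY, False, HIGH_PORTS)]
# Same rule with the destination set to "not LAN subnet".
not_lan = [Rule(WEB_SERVER, LAN_NET, True, HIGH_PORTS)]

if __name__ == "__main__":
    probes = [("192.168.1.50", 3389),   # constructed LAN host
              ("203.0.113.7", 40000)]   # constructed outside host
    for dst, port in probes:
        print(f"{dst}:{port}",
              "temporary_fix =", dmz_allows(temporary_fix, WEB_SERVER, dst, port),
              "not_lan =", dmz_allows(not_lan, WEB_SERVER, dst, port))
```
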