Netgate Discussion Forum

    DMZ and Protected on same NIC

    • John5788

      Hello,

      I've been looking into creating a DMZ because a game I am playing requires my computer to be exposed (it's a really old game that uses a P2P-like networked multiplayer).

      I've read tutorials for creating a DMZ using a second NIC card and I was wondering if it was possible to set up a subnet or something that is DMZ and have the system assigned an IP that was in the DMZ?

      I have a couple of reasons why I cannot use the third NIC for DMZ:

      1. My pfSense box does not have any more PCI slots
      2. My main desktop is Gentoo, but the game is an old Windows game which I am running in a VirtualBox Windows XP using a bridged interface (my VirtualBox gets its own IP from pfSense, but shares the same eth0 as my Gentoo).

      Please add any suggestions.

      • Cry Havok

        Does it have any USB ports - you could use a USB NIC.  Alternatively, VLANs are what you're after, but you'll need a VLAN-capable switch.

        Note that DMZ in this case isn't necessarily what you're thinking of.  Most SOHO routers use DMZ as a shorthand for forwarding all ports to that host.  I doubt you'll find either VLANs or a DMZ will help you - what you really want to do is forward (just) the relevant ports to the IP of the virtual machine.

        • John5788

          I've been trying to port forward relevant ports to the client, but it seems the game wants every single port available. It randomly cycles through ports and I can't define a range (besides 0 - 65535) to port forward to my system.

          Every time I try to connect to the game, I see a new firewall log and I add the rule, but it is endless!

          • Cry Havok

            You can try forwarding the entire range, however… I would expect your VM to be compromised within half an hour if it isn't fully patched and running a software firewall that only allows traffic back in that's related to the outbound traffic (which I doubt is possible from what you say).

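An added example, not part of the original posts: one way to check from the firewall log whether the blocked inbound ports fall into a range narrow enough to forward, instead of adding rules one log entry at a time. It assumes the comma-separated `filterlog` line format of current pfSense releases (IPv4 TCP/UDP entries only); the interface name, addresses, sample lines and the `max_span` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines (not from the thread). Assumed layout: the
# comma-separated filterlog format for IPv4 TCP/UDP; em0 = WAN is made up.
SAMPLE_LOG = """\
filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,1201,0,none,17,udp,60,203.0.113.7,198.51.100.2,40211,27000,40
filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,1202,0,none,17,udp,60,203.0.113.7,198.51.100.2,40211,27001,40
filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,1203,0,none,17,udp,60,203.0.113.9,198.51.100.2,51000,27002,40
filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,1204,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,51001,5000,0,S,1,,64240,,mss
filterlog: 7,,,1000000104,em1,match,pass,out,4,0x0,,64,1205,0,DF,17,udp,60,192.168.1.50,203.0.113.7,27000,40211,40
filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,1206,0,none,17,udp,60,203.0.113.7,198.51.100.2,40211,61034,40
"""

def blocked_inbound_ports(log_text, wan_if):
    """Return {proto: sorted destination ports} for packets blocked inbound on wan_if."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        _, _, payload = line.partition("filterlog: ")
        f = payload.split(",")
        if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
            continue  # skip IPv6, ICMP and malformed entries
        if f[4] == wan_if and f[6] == "block" and f[7] == "in" and f[21].isdigit():
            ports[f[16]].add(int(f[21]))
    return {proto: sorted(p) for proto, p in ports.items()}

def to_ranges(ports):
    """Collapse sorted ports into (first, last) runs of consecutive numbers."""
    ranges = []
    for p in ports:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def forwarding_candidates(log_text, wan_if, max_span=1024):
    """Per protocol: port ranges seen, and whether they fit inside max_span ports."""
    result = {}
    for proto, ports in blocked_inbound_ports(log_text, wan_if).items():
        span = ports[-1] - ports[0] + 1
        result[proto] = {"ranges": to_ranges(ports), "bounded": span <= max_span}
    return result

if __name__ == "__main__":
    for proto, info in forwarding_candidates(SAMPLE_LOG, "em0").items():
        print(proto, info)
```

A protocol reported as not bounded means the observed ports do not fit any narrow forward, which is the situation described above where only the full range would cover them.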
              • clarknova

              UPnP might be an option if your game supports it.

              db

                • John5788

                @clarknova:

                UPnP might be an option if your game supports it.

                Is this an option I set in the game or in pfSense?

                  • clarknova

                  Possibly both. For sure you have to enable it in pfSense. The game may or may not attempt to use it automatically. If not, you may have to jump into the game preferences and turn it on. A game that is as nasty about open ports as you described almost certainly will support UPnP, unless it's so old that the developers of the time had not yet heard of firewalls ;)

                  db
