Netgate Discussion Forum

DMZ default blocked problem

Firewalling
7 Posts 3 Posters 3.0k Views
  • K
    Klexx
    last edited by Feb 19, 2007, 6:53 AM

    I have a pfSense 1.0.1 with 4 NICs:
    LAN*                    ->  xl0    ->      10.0.0.1
    WAN*                    ->  xl1    ->      2xx.xx.x.x (DHCP) (not a private IP)
    OPT1(DMZ)*              ->  xl2    ->      10.1.0.1
    OPT2(DMZ2)              ->  xl3    ->      10.2.0.1

    I can ping the DMZ from the LAN, but not from the DMZ to the LAN (or anywhere else).
    I tried to add a rule that allows "all traffic" in the DMZ (same as the default rule in LAN):
    "tcp DMZ net * * * *" and
    "icmp * * 10.1.0.1 * *"

    I also tried to "unblock" private networks in Interfaces/WAN, but it didn't help.
    Any pointers?

    • Y
      yoda715
      last edited by Feb 19, 2007, 7:55 AM

      There is no reason why this should not work. I have a similar setup and I am experiencing no problems. Try updating to the latest snapshot at http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

      The unblock private networks only applies to the WAN interface, and would not affect you being able to ping from your DMZ to LAN segment.

      • H
        hoba
        last edited by Feb 19, 2007, 9:47 AM

        @Klexx:

        "tcp DMZ net * * * * " and
        "icmp * * 10.1.0.1* * "

        If you only use protocol TCP pings won't work as they are icmp ;)
        Default LAN rule uses any as protocol.

        • K
          Klexx
          last edited by Feb 19, 2007, 3:46 PM

          Hi, TNX. I changed the default rule to "* DMZ net * * * *", which by my understanding should allow anything in the DMZ net (not what I wanted, but a start ;-) ), so I can now ping the FW (10.1.0.1), but it now seems like the ping is picked up by the ICMP rule ("ICMP * * 10.1.0.1 * *") even if the ICMP rule is located after the "allow all" ("* DMZ net * * * *") rule?
          But the DNS request is still blocked in the FW (ping google.com ... cannot resolve: host name lookup failure) and it's showing up in the log as blocked by @373 block drop in log quick all label "Default block all just to be sure."

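The two points made so far, that a "tcp" rule cannot match ICMP or UDP traffic and that anything no earlier rule matches lands on the "Default block all just to be sure" rule seen in the log, come down to how pfSense evaluates interface rules: every rule is "quick", so the first match decides and later rules are never consulted. The script below is an added example written for this thread; it is not code from the posts or from pfSense. It replays both DMZ rule sets quoted above against constructed sample packets, and adds a third, tighter rule set (my own suggestion, not from the thread) that keeps the DMZ from reaching the LAN. The /24 masks, the DMZ host 10.1.0.50 and the sample packets are assumptions; the thread only gives the interface addresses.

```python
"""First-match ("quick") evaluation of pfSense-style interface rules.

Added example for this thread, not code from the forum posts or from
pfSense. The 10.0.0.0/24 and 10.1.0.0/24 masks and the DMZ host
10.1.0.50 are assumptions; the thread only gives interface addresses.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_NET = ipaddress.ip_network("10.0.0.0/24")    # assumed mask for xl0
DMZ_NET = ipaddress.ip_network("10.1.0.0/24")    # assumed mask for xl2
FW_DMZ_ADDR = ipaddress.ip_network("10.1.0.1/32")


@dataclass(frozen=True)
class Rule:
    """One row of the pfSense rule table: proto, source, destination, port.
    None stands for the "*" column in the GUI (match anything)."""
    action: str   # "pass" or "block"
    proto: str    # "any", "tcp", "udp" or "icmp"
    src: Optional[ipaddress.IPv4Network]
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]
    label: str


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


# pfSense appends this rule itself; it is what the log line
# "block drop in log quick all label 'Default block all just to be sure'" is.
DEFAULT_BLOCK = Rule("block", "any", None, None, None,
                     "Default block all just to be sure")


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules, pkt: Packet):
    """All interface rules are 'quick': the first match decides and later
    rules are never consulted; the implicit default block catches the rest."""
    for rule in list(rules) + [DEFAULT_BLOCK]:
        if matches(rule, pkt):
            return rule.action, rule.label
    raise AssertionError("unreachable: the default block matches everything")


# The rules as first posted: "tcp DMZ net * * * *" and "icmp * * 10.1.0.1 * *".
TCP_ONLY = [
    Rule("pass", "tcp", DMZ_NET, None, None, "tcp DMZ net * * * *"),
    Rule("pass", "icmp", None, FW_DMZ_ADDR, None, "icmp * * 10.1.0.1 * *"),
]

# After the fix: protocol "*", the same shape as the default LAN rule.
ANY_PROTO = [
    Rule("pass", "any", DMZ_NET, None, None, "* DMZ net * * * *"),
    Rule("pass", "icmp", None, FW_DMZ_ADDR, None, "icmp * * 10.1.0.1 * *"),
]

# Suggested tighter variant (not from the thread): block DMZ -> LAN first,
# let DNS reach the forwarder, then pass the rest. Order is what matters.
DMZ_ISOLATED = [
    Rule("block", "any", DMZ_NET, LAN_NET, None, "block DMZ net -> LAN net"),
    Rule("pass", "udp", DMZ_NET, FW_DMZ_ADDR, 53, "dns to forwarder"),
    Rule("pass", "any", DMZ_NET, None, None, "* DMZ net * * * *"),
]

# Constructed traffic from an assumed DMZ host, 10.1.0.50.
SAMPLE = {
    "ping_fw": Packet("icmp", "10.1.0.50", "10.1.0.1"),
    "ping_lan": Packet("icmp", "10.1.0.50", "10.0.0.10"),
    "dns_query": Packet("udp", "10.1.0.50", "10.1.0.1", 53),  # to the DNS forwarder
    "ssh_lan": Packet("tcp", "10.1.0.50", "10.0.0.10", 22),
}


def verdicts(rules):
    """Map each sample packet to the action of the rule that matched it."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, rules in (("tcp-only", TCP_ONLY), ("any-proto", ANY_PROTO),
                        ("isolated", DMZ_ISOLATED)):
        for pkt_name, pkt in SAMPLE.items():
            action, label = evaluate(rules, pkt)
            print(f"{name:9} {pkt_name:10} {action:5} by '{label}'")
```

With the tcp-only rule set, the UDP/53 query to the forwarder falls through to the default block, which is exactly the log entry reported in the reply above; the echo to 10.1.0.1 passes only because the separate ICMP rule catches it. With the any-protocol rule first, that ICMP rule is shadowed for DMZ-sourced traffic: the first rule already matched, so under first-match semantics the second is never reached for those packets. The isolated variant shows why the order has to be block-then-pass: put the pass-any rule first and the block after it is dead code.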
          • H
            hoba
            last edited by Feb 19, 2007, 4:21 PM

            Do you use the DNS-Forwarder or an external DNS-Server? It now really should work. Maybe try upgrading to a recent snapshot though I don't think that there is a problem with this config and 1.0.1 release.

            • K
              Klexx
              last edited by Feb 19, 2007, 11:19 PM

              I use the DNS forwarder. I also tried to upgrade to pfSense-Full-Update-1.0.1-SNAPSHOT-02-18-2007.tgz, which resulted in a total lockdown; I had to reinstall the old 1.0.1 ;-)

              • H
                hoba
                last edited by Feb 20, 2007, 11:13 AM

                You must have some invalid configuration. Never seen something like this before. Try restarting from scratch and recreate your config step by step and test in between the steps.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.