NAT for DMZ not working

stokiemike · Dec 27, 2012, 3:03 PM

Hi,

Recently my hardware Firewall failed, until the replacement comes I need to get PfSense working, but I am failing. I have three physical connections as follows:
•LAN
•DMZ (Opt1)
•WAN
I am trying to get Internet connection between the DMZ and WAN using the NAT but cannot get any DMZ server to recieve the Internet. To start with I have fully opened the Rules to allow all traffic (once I have the internet working I will apply the original rules). I can access LAN to DMZ no problem.
I have provided a NAT:outbound rules as follows:
•Interface: WAN
•Source & source port: *
•Destination & dest port: *
•NAT address: *
Note that PfSense can access the Internet fine and performs DNS lookups and pings to google. From the DMZ a trace route to google IP also fails

Any suggestions?

dimkyson · Dec 27, 2012, 5:21 PM

Did you try the Automatic outbound NAT rule generation?

podilarius · Dec 27, 2012, 10:04 PM

If you are set to manual outbound nat, you will need to add the DMZ network to list. I don't think an any is going to work here. There should be a rule for LAN and one for DMZ. Setting the source as something like DMZnet or LANnet or 10.0.0.0/24 and such.

stokiemike · Dec 28, 2012, 8:43 AM

Have tried the automatic NAT, but no luck

stokiemike · Dec 28, 2012, 10:52 AM

Thanks podilarius for your comments but I have tried your suggestions with no luck

podilarius · Jan 1, 2013, 6:10 AM

Did you setup an allow rule in the OPT1 firewall settings? By default no rule is added and will thus block all connections.