PfSense bastion / choke
-
Hi mates,
I am working on a bastion / choke configuration for my dmz:Internet–-pfsense bastion----DMZ-----pfsense choke-----LAN
The pfsense bastion is able to check for updates, but the choke one not, even if it is able to ping internet hosts (such as 8.8.8.8 ) from dmz interface and lan interface.
I assume it is something about the loopback interface, that it isn't able to ping anything.
Routes are correct, the default gateway for the dmz is the choke firewall. DMZ hosts can browse internet and/or ping internet hosts.Thanks anyone
Andrea
-
Hi mates,
I am working on a bastion / choke configuration for my dmz:Internet–-pfsense bastion----DMZ-----pfsense choke-----LAN
The pfsense bastion is able to check for updates, but the choke one not, even if it is able to ping internet hosts (such as 8.8.8.8 ) from dmz interface and lan interface.
I assume it is something about the loopback interface, that it isn't able to ping anything.
Routes are correct, the default gateway for the dmz is the choke firewall. DMZ hosts can browse internet and/or ping internet hosts.Thanks anyone
Andrea
Now I am able to trace route from dmz, lan and loopback interface, and dns reply to all but I am always not able to check for updates and/or install packages….
-
It is me again
Need urgent help!!!
DMZ works like a charm but….
DMZ gateway is the bastion firewall
From lan I cannot reach any DMZ host but only if I don't ping before.Is there a sort of "keepalive" port?
Thanks
Andrea
-
How are your subnets arranged? Either of these pfSense installs transparent?
Do you have the correct update URL set in System: Firmware: Updater Settings: ?
Try this: https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference
Steve
