DMZ setup issues
-
I added those rules exactly as written except the DNS one, I changed to TCP/UDP. Still no internet on the DMZ interface.
I had TCP/UDP 53 so I'm not sure what you're saying.
How is your outbound NAT configured?
And what do you mean by "no internet?" What isn't working? DNS? What?
You might want to add one like this next to the DNS rule so you can ping the pfSense interfaces from DMZ:
Action: Pass
Disabled: Unchecked
Interface: DMZ
TCP/IP Version: IPv4
Protocol: ICMP
ICMP type: any
Source: DMZ net
Destination: This Firewall (self)
Log: Unchecked
Description: Pass ICMP to pfSense
-
My bad. I misspoke about the DNS rule. My outbound NAT is empty. I have DNS configured pointing to Google DNS 8.8.8.8. Internet still doesn't load.
Thanks
Randy
-
"Internet still doesn't load" doesn't tell me anything.
Are you on Automatic Outbound NAT?
Is the DMZ network listed?
Can you ping the pfSense interface (if you added the rule I suggested)?
Can you ping 8.8.8.8?
Can you resolve names?
-
"Internet still doesn't load" I was just saying no pages load ex: Google
Are you on Automatic Outbound NAT? Yes
Is the DMZ network listed? No, I don't recall seeing it
I didn't try to ping 8.8.8.8 but I was unable to ping the DMZ gateway
Can you resolve names? That I didn't try.
I am at work but I will be back to it tonight.
Thanks
Randy
-
"Internet still doesn't load" I was just saying no pages load ex: Google
Are you on Automatic Outbound NAT? Yes
Is the DMZ network listed? No, I don't recall seeing it
It needs to be there.
I didn't try to ping 8.8.8.8 but I was unable to ping the DMZ gateway
Did you add that ICMP rule I suggested?
-
I added the Outbound NAT but internet still not loading on the DMZ side. I also added an attachment.
Thanks
-
You can't add an outbound NAT in Automatic mode so I have no idea what you're actually doing.
-
Me neither. How do I do it correctly?
Thanks
-
Screenshots:
Status > Interfaces for LAN and DMZ
Firewall > Rules for LAN and DMZ
Firewall > NAT Outbound Tab (Just humor me and do it again. Thanks.)
-
Sure. No problem. I changed to Manual and all these NAT appeared.
-
Sure. No problem. I changed to Manual and all these NAT appeared.
Ok. Just leave it alone and stop clicking things.
-
ok. Leaving it alone. Do you still want the screenprints?
-
Of course.
-
Screen prints
-
More prints
-
Last print
-
Your DMZ rules are all out-of-whack but nothing that should stop it from working out to the internet.
Pick a host on DMZ. Can it ping 192.168.2.1?
If so, can it ping 8.8.8.8?
What is the IP address, netmask, and default gateway of that host?
-
Yes it can ping 192.168.2.1 and 8.8.8.8
IP 192.168.2.11
SM 255.255.255.0
GW 192.168.2.1
-
So what's not working?
-
Internet pages don't load. Almost like it is not reaching DNS. I get page not found.