DMZ setup issues
-
Screenshots:
Status > Interfaces for LAN and DMZ
Firewall > Rules for LAN and DMZ
Firewall > NAT Outbound Tab (Just humor me and do it again. Thanks.)
-
Sure. No problem. I changed to Manual and all these NAT appeared.
-
Ok. Just leave it alone and stop clicking things.
-
ok. Leaving it alone. Do you still want the screenprints?
-
Of course.
-
Screen prints
-
More prints
-
Last print
-
Your DMZ rules are all out-of-whack but nothing that should stop it from working out to the internet.
Pick a host on DMZ. Can it ping 192.168.2.1?
If so, can it ping 8.8.8.8?
What is the IP address, netmask, and default gateway of that host?
-
Yes it can ping 192.168.2.1 and 8.8.8.8
IP 192.168.2.11
SM 255.255.255.0
GW 192.168.2.1
-
So what's not working?
-
Internet pages don't load. Almost like it is not reaching DNS. I get page not found.
-
What happens on the DMZ host when you ping www.google.com?
What name servers are you giving out to the hosts on DMZ?
Did you muck around with the DNS Resolver? Is it enabled?
-
When I try a ping to www.google.com, I get unknown host. I am giving 8.8.8.8. Didn't touch DNS Resolver.
-
Yes, the DNS resolver is enabled.
-
Your DNS isn't working. Fix that and you'll be good.
dig or drill are your friends.
-
I understand that, but the only DNS configured is 8.8.8.8. It works from the LAN side.
-
Don't know what to tell you. Your rules on DMZ are wrong, but it just makes it not a DMZ. It won't break DNS resolution to google.
Not sure why you're not pointing your DMZ clients at pfSense's DNS resolver instead.
dig @192.168.2.1 www.google.com
dig @8.8.8.8 www.google.com
-
I got it working. Now I will go in and correct the rules.
Thanks for your help.
Randy
-
Could you specify what you did to fix it so that it may help others down the road?
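-
The checks walked through in this thread (ping the gateway, ping 8.8.8.8, then query each name server with dig), collected into one script to run on the DMZ host. This is an added example, not part of any post and not the fix the poster found; the `classify`, `probe_ping` and `probe_dns` names and the verdict strings are illustrative, and the addresses are the ones quoted above.

```shell
#!/bin/sh
# Added example: layered triage for a DMZ host, using the thread's addresses.
GATEWAY=192.168.2.1     # pfSense DMZ interface, also its DNS Resolver
UPSTREAM=8.8.8.8        # name server handed to the DMZ hosts
NAME=www.google.com     # test name used in the thread

# classify GW IP LOCAL_DNS UPSTREAM_DNS  (each argument: 0 = worked, non-zero = failed)
# Prints "verdict: hint" for the first layer that fails.
classify() {
    if [ "$1" -ne 0 ]; then
        echo "local: gateway unreachable; check host IP, netmask and DMZ rules"
    elif [ "$2" -ne 0 ]; then
        echo "routing: gateway answers but $UPSTREAM does not; check outbound NAT and pass rules"
    elif [ "$3" -ne 0 ] && [ "$4" -ne 0 ]; then
        echo "dns-all: no server resolves $NAME; check rules for TCP/UDP 53 from DMZ"
    elif [ "$3" -ne 0 ]; then
        echo "dns-local: $UPSTREAM resolves but $GATEWAY does not; check the resolver and rules to the firewall"
    elif [ "$4" -ne 0 ]; then
        echo "dns-upstream: $GATEWAY resolves but $UPSTREAM does not; point clients at $GATEWAY"
    else
        echo "ok: both servers resolve; check which name server the host really uses"
    fi
}

probe_ping() { ping -c 2 "$1" >/dev/null 2>&1; }

# dig can exit 0 with an empty answer, so require both success and output.
probe_dns() {
    out=$(dig +short +time=2 +tries=1 "@$1" "$NAME" 2>/dev/null) && [ -n "$out" ]
}

main() {
    probe_ping "$GATEWAY";  gw=$?
    probe_ping "$UPSTREAM"; ip=$?
    probe_dns "$GATEWAY";   local_dns=$?
    probe_dns "$UPSTREAM";  upstream_dns=$?
    classify "$gw" "$ip" "$local_dns" "$upstream_dns"
}

# Probes touch the network, so they only run when asked: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

The symptoms reported in the thread (both pings succeed, the name lookup fails) correspond to one of the `dns-*` verdicts; which one depends on the two dig results.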