Netgate Discussion Forum

    NO NAT DMZ not working when NO NAT is configured

    • clubbing80s

      Hi,

      I'm trying to set up pfSense with NO NAT on my DMZ interface so that I can make use of the public IPs that are configured on the DMZ. I have not yet been able to get the DMZ hosts to be accessible from the internet, and the hosts on the DMZ can only connect to the internet when NAT is enabled. I have tried adding rules to the firewall WAN and DMZ interfaces but no luck.

      When NO NAT is enabled for  101.XXX.XXX.176/28 DMZ

      • traffic can not pass from DMZ to the internet.
      • traffic can not pass from the internet to the DMZ
      • traffic can pass from the LAN to DMZ

      When NAT is enabled for 101.XXX.XXX.176/28 DMZ

      • traffic can not pass from DMZ to the internet.

      DMZ (OPT1) IP 101.XXX.XXX.177 101.XXX.XXX.176/28
                           |
      (Internet)           |
      WAN -------------|pfSense|
      103.237.42.28/28     |
                           |
                  LAN (192.168.1.1/24)

      I have attached screenshots of the firewall and NAT rules. All the routing is default.

      Please advise if you can see what I have missed.

      Many thanks

      ![2016-07-22 20_26_24-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png](/public/imported_attachments/1/2016-07-22 20_26_24-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png)
      ![2016-07-22 20_26_45-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png](/public/imported_attachments/1/2016-07-22 20_26_45-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png)
      ![2016-07-22 20_27_02-firewall1.linuxpro.co.nz - Firewall_ Rules_ LAN.png](/public/imported_attachments/1/2016-07-22 20_27_02-firewall1.linuxpro.co.nz - Firewall_ Rules_ LAN.png)
      ![2016-07-22 20_27_27-firewall1.linuxpro.co.nz - Firewall_ Rules_ DMZ.png](/public/imported_attachments/1/2016-07-22 20_27_27-firewall1.linuxpro.co.nz - Firewall_ Rules_ DMZ.png)
      ![2016-07-22 20_28_01-firewall1.linuxpro.co.nz - Firewall_ NAT_ Outbound.png](/public/imported_attachments/1/2016-07-22 20_28_01-firewall1.linuxpro.co.nz - Firewall_ NAT_ Outbound.png)

      • cmb

        That means that /28 isn't being routed to you, which it has to be for that to function. Have your ISP route the /28 to your WAN IP (assuming your WAN IP is in a diff subnet) and it will work as you're configuring it.

        • clubbing80s

          Hi cmb,

          Thank you for your reply.

          My ISP had provided me with the WAN IP and /28 which is supposed to be routed as you said …. I'll follow up with them.

          Regards.
