Netgate Discussion Forum
    DMZ Gateway Interface Causes Internet Issues

      reason

      I have a DMZ gateway which has been working just fine.

      I decided to add a Gateway Interface under DMZ Interface and my internet connection completely went down.

      I was able to ping devices on the LAN but not on the internet.

      Restoring an older backup profile resolved the issue but I am not sure what caused the issue in the first place.

        phil.davis

        Normally the "DMZ" is just another ordinary LAN, that happens to have some servers to which public port/s are forwarded from WAN1, WAN2…
        The DMZ does not have an upstream gateway to the internet on its own subnet. The upstream gateways are on WAN1, WAN2... through which the internet is reached.
        So do not put a gateway on the DMZ interface.
        You cleaned it up by going back to a previous config - that works! For others, if you do not easily have a good previous config, remove the gateway specified in the DMZ interface, then go to System->Routing, select the real WAN as the default gateway and delete the DMZ_GW.
        General rule:
        If an interface is to an internal LAN (i.e. usually with private IPs) then do not put a gateway.
        If an interface has an upstream device that is the way out to the internet, then it is a WAN and should have a gateway set.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
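
The general rule in the answer above can be checked against a configuration backup before it bites. The script below is an added example, not part of the original thread and not pfSense's own tooling: the element names (`interfaces`, `gateways/gateway_item`, `defaultgw`, `defaultgw4`) are an assumed config.xml layout, the sample config is constructed, and "private IPs" is approximated by RFC 1918 ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET

# "Private IPs" in the rule above is approximated by RFC 1918 (a heuristic:
# a WAN behind an ISP router can legitimately carry a private address).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not a real backup. Element names are an assumed layout.
SAMPLE_CONFIG = """<pfsense>
 <interfaces>
  <wan><descr>WAN</descr><ipaddr>203.0.113.10</ipaddr><gateway>WAN_GW</gateway></wan>
  <lan><descr>LAN</descr><ipaddr>192.168.1.1</ipaddr></lan>
  <opt1><descr>DMZ</descr><ipaddr>192.168.2.1</ipaddr><gateway>DMZ_GW</gateway></opt1>
  <opt2><descr>WAN2</descr><ipaddr>dhcp</ipaddr></opt2>
 </interfaces>
 <gateways>
  <gateway_item><interface>wan</interface><gateway>203.0.113.1</gateway><name>WAN_GW</name></gateway_item>
  <gateway_item><interface>opt1</interface><gateway>192.168.2.254</gateway><name>DMZ_GW</name><defaultgw/></gateway_item>
 </gateways>
</pfsense>"""


def audit_gateways(xml_text):
    """Return (ifname, descr, gateway, is_default) for internal interfaces with a gateway set."""
    root = ET.fromstring(xml_text)
    items = {g.findtext("name"): g for g in root.iterfind("gateways/gateway_item")}
    default_v4 = root.findtext("gateways/defaultgw4")  # assumed newer-style default marker
    findings = []
    for iface in root.iterfind("interfaces/*"):
        gw = (iface.findtext("gateway") or "").strip()
        if not gw:
            continue  # no gateway on the interface: what the rule asks for on a LAN/DMZ
        try:
            addr = ipaddress.ip_address(iface.findtext("ipaddr", ""))
        except ValueError:
            continue  # dhcp/pppoe or empty: not a static internal address, skip
        if any(addr in net for net in RFC1918):
            item = items.get(gw)
            is_default = gw == default_v4 or (item is not None and item.find("defaultgw") is not None)
            findings.append((iface.tag, iface.findtext("descr", iface.tag), gw, is_default))
    return findings


if __name__ == "__main__":
    for ifname, descr, gw, is_default in audit_gateways(SAMPLE_CONFIG):
        note = " and is the default route" if is_default else ""
        print(f"{descr} ({ifname}): gateway {gw} set on an internal interface{note}")
```

A finding is a prompt to review the interface, not proof of a fault, since the private-address test is only a heuristic.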

          reason

          @phil.davis:

          Normally the "DMZ" is just another ordinary LAN, that happens to have some servers to which public port/s are forwarded from WAN1, WAN2…
          The DMZ does not have an upstream gateway to the internet on its own subnet. The upstream gateways are on WAN1, WAN2... through which the internet is reached.
          So do not put a gateway on the DMZ interface.
          You cleaned it up by going back to a previous config - that works! For others, if you do not easily have a good previous config, remove the gateway specified in the DMZ interface, then go to System->Routing, select the real WAN as the default gateway and delete the DMZ_GW.
          General rule:
          If an interface is to an internal LAN (i.e. usually with private IPs) then do not put a gateway.
          If an interface has an upstream device that is the way out to the internet, then it is a WAN and should have a gateway set.

          Phil,

          Sounds good! I did see a DMZGW listed under GATEWAYS but I did not find a way to remove it. I will definitely keep this in mind.

          Thanks for the quick response and heads up!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.