all DMZ traffic being blocked
-
I have pfsense set up with WAN, LAN, and DMZ. WAN and LAN traffic are both working as they should. However, the DMZ seems to be completely blocked.
I have rules that allow all LAN traffic to DMZ, blocks all DMZ traffic to the LAN, and one to all allow all
I cannot access the DMZ from the LAN. I can ping the DMZ nic but cannot ping anything beyond it.
Nothing in the DMZ can get anywhere. Watching tcpdump on the interface, I can see DNS requests being sent. I can also see those queries hitting the WAN interface and replies coming back but nothing is ever returned to the DMZ.
I'd appreciate a clue or two.
Thank you
-
@thrashcardiom What is the situation in your LAN rules tab?
-
Just an Lan to any rule at this stage.
-
@thrashcardiom said in all DMZ traffic being blocked:
I have pfsense set up with WAN, LAN, and DMZ.
I advise to take a 5 minute test :
Backup you config.
Reset pfSense to default.
Setup you WAN.
Knowing that LAN has 192.168.1.1/24 - setup your OPT1 or DMZ to 192.168.2.1/24 - check DHCP on your OPT1 /or DMZ interface.
Copy exactly the default firewall rule that you can find on the LAN Firewall tab to your OPT1 or DMZ firewall rule tab.
This is a basic any to any rule.Now, LAN behaves equal to DMZ : both can access Internet - both can access each other.
Afterwards : add your changes step by step - test each step - don't think it's ok, use the principle that's it is wrong until proven otherwise.
Btw : your image, what interface it ??
-
@Gertjan I'll give that a go later today. The rules showing in the image are the DMZ rules.
-
Working now. Helps if you don't set the DMZ IP to be /32 instead of /24
