DMZ configuring
-
@viragomann Thank you again,
Sure thing so let me post some screenshots:
I set the gateways and the static routes under > System > Routing > Gateways and also the Static Route Tab.
-
@carlos-magalhaes
The WAN GW is a public IP. This should be hidden though.The LAN gateway is disabled in this screenshot. I assume, you did it, cause it didn't work.
Apart from this and the new subnets all settings seems correct.Enable both gateways again. If it does not work, post the IPv4 routing table, please.
-
@viragomann said in DMZ configuring:
@carlos-magalhaes
The WAN GW is a public IP. This should be hidden though.The LAN gateway is disabled in this screenshot. I assume, you did it, cause it didn't work.
Apart from this and the new subnets all settings seems correct.Enable both gateways again. If it does not work, post the IPv4 routing table, please.
The WAN GW is a public IP. This should be hidden though.
Its a public gateway that is publicly accessible
-
@carlos-magalhaes said in DMZ configuring:
This is the default gateway setting. But good to see it. Here you have to select the WAN gateway.
In the settings of the LAN gateway (System > Routing > Gateways > edit gateway) you have to enable it at the top.
Hmm. The screen not showing something useable.
-
So there is the gateways showing and both the WAN and LAN gateways are showing as enabled (if that's what you meant)
Hmm. The screen not showing something useable.
This was the routing under >Diagnostics > Routing
-
@carlos-magalhaes
Yes, seems ok.
In the gateway screenshot it looks like it was disabled. -
If I disable the WAN gateway (which I see is set as default), of course the internet drops but I can then ping the 192.168.9.x network via the USG on 192.168.1.3. As soon as I enable the WAN gateway and do a traceroute for 192.168.9.x it sends it out via the WAN gateway and tries to find that IP via the WAN Gateway
-
@mynetworkrocks
So again, the route might be not correct. So enable both gateways and the static route and check the routing table.The screenshout you've posted does not show a proper entry.
-
@viragomann said in DMZ configuring:
@mynetworkrocks
So again, the route might be not correct. So enable both gateways and the static route and check the routing table.The screenshout you've posted does not show a proper entry.
So here is the static route, the destination network is the LAN behind the USG, the USG is 192.168.1.3, the LAN behind the USG where the log server I am trying to get to is on 192.168.9.x.
Then if I go to diagnostics > Routing, what I am trying to show here (the blurred part is other IP's i need to obscure but none are relevant to this discussion). Those two entries are te only two entries in Diagnostics > Routes under IPv4 Routes that have anything on the 192.168.x.x network. I don't see anything there for 192.168.9.x network as per the static route I created and is enabled?
-
@mynetworkrocks
Damn! You said, the USG does not respond to ping. So you cannont use it for gateway monitoring at all.
The gateway might get marked as down (check in Status > Gateways), hence pfSense ignores the route.So best to disable gateway monitoring here, since it is a local gateway anyway.
-
@viragomann said in DMZ configuring:
@mynetworkrocks
Damn! You said, the USG does not respond to ping. So you cannont use it for gateway monitoring at all.
The gateway might get marked as down (check in Status > Gateways), hence pfSense ignores the route.So best to disable gateway monitoring here, since it is a local gateway anyway.
Dam! that was it, the monitoring was disregarding the route ..... so I disabled the monitoring and disabled the monitoring actions and it worked straight away :)
The USG doesnt allow it to be "pinged" but the routing works now :) Thank you sir!
