NO NAT DMZ not working when NO NAT is configured



  • Hi,

    I'm trying to set up pfSense with NO NAT on my DMZ interface so that I can make use of the public IPs that are configured on the DMZ. I have not yet been able to get the DMZ hosts to be accessible from the internet, and the hosts on the DMZ can only connect to the internet when NAT is enabled. I have tried adding rules to the firewall WAN and DMZ interfaces but no luck.

    When NO NAT is enabled for 101.XXX.XXX.176/28 DMZ

    • traffic can not pass from DMZ to the internet.
    • traffic can not pass from the internet to the DMZ
    • traffic can pass from the LAN to DMZ

    When NAT is enabled for 101.XXX.XXX.176/28 DMZ

    • traffic can not pass from DMZ to the internet.

    DMZ (OPT1) IP 101.XXX.XXX.177   101.XXX.XXX.176/28
                              |
    (Internet)                |
    WAN ----------------- |pfSense|
    103.237.42.28/28          |
                              |
                   LAN (192.168.1.1/24)

    I have attached screenshots of the firewall and NAT rules. All the routing is default.

    Please advise if you can see what I have missed.

    Many thanks

    ![2016-07-22 20_26_24-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png](/public/imported_attachments/1/2016-07-22 20_26_24-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png)
    ![2016-07-22 20_26_45-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png](/public/imported_attachments/1/2016-07-22 20_26_45-firewall1.linuxpro.co.nz - Firewall_ Rules_ WAN.png)
    ![2016-07-22 20_27_02-firewall1.linuxpro.co.nz - Firewall_ Rules_ LAN.png](/public/imported_attachments/1/2016-07-22 20_27_02-firewall1.linuxpro.co.nz - Firewall_ Rules_ LAN.png)
    ![2016-07-22 20_27_27-firewall1.linuxpro.co.nz - Firewall_ Rules_ DMZ.png](/public/imported_attachments/1/2016-07-22 20_27_27-firewall1.linuxpro.co.nz - Firewall_ Rules_ DMZ.png)
    ![2016-07-22 20_28_01-firewall1.linuxpro.co.nz - Firewall_ NAT_ Outbound.png](/public/imported_attachments/1/2016-07-22 20_28_01-firewall1.linuxpro.co.nz - Firewall_ NAT_ Outbound.png)



  • That means that /28 isn't being routed to you, which it has to be for that to function. Have your ISP route the /28 to your WAN IP (assuming your WAN IP is in a diff subnet) and it will work as you're configuring it.
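
Added example, not part of the original posts: a small longest-prefix-match model of the ISP's edge router, showing why replies reach the firewall when outbound NAT rewrites the source to the WAN address but go nowhere for un-NATed DMZ sources until the /28 is routed to the WAN IP. All addresses are constructed from documentation ranges (the thread masks the real ones), and `isp_table` is a hypothetical stand-in for the ISP's routing table.

```python
import ipaddress

# Constructed addresses (documentation ranges), standing in for the thread's masked ones.
WAN_IF = ipaddress.ip_interface("203.0.113.28/28")    # firewall WAN address
DMZ_NET = ipaddress.ip_network("198.51.100.176/28")   # public /28 on the DMZ
DMZ_HOST = ipaddress.ip_address("198.51.100.180")     # a server in the DMZ


def lookup(table, dst):
    """Longest-prefix match: return the action of the most specific matching route."""
    matches = [(net, action) for net, action in table if dst in net]
    if not matches:
        return "drop (no route)"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def isp_table(dmz_routed):
    """Hypothetical ISP edge table: WAN subnet is on-link; DMZ /28 only if routed."""
    table = [(WAN_IF.network, "deliver on-link")]
    if dmz_routed:
        # The static route the ISP has to add: DMZ /28 via the firewall's WAN IP.
        table.append((DMZ_NET, f"forward via {WAN_IF.ip}"))
    return table


def reply_path(source_seen_by_internet, dmz_routed):
    """Where the ISP sends traffic addressed to the source the internet saw."""
    return lookup(isp_table(dmz_routed), source_seen_by_internet)


if __name__ == "__main__":
    # NAT on: packets leave with the WAN IP as source, which the ISP reaches on-link.
    print("NAT on,  /28 not routed:", reply_path(WAN_IF.ip, dmz_routed=False))
    # NAT off: packets keep the DMZ source; without the route the ISP cannot return them.
    print("NAT off, /28 not routed:", reply_path(DMZ_HOST, dmz_routed=False))
    # NAT off with the static route in place: traffic is handed to the firewall.
    print("NAT off, /28 routed    :", reply_path(DMZ_HOST, dmz_routed=True))
```

The same lookup applies to inbound connections from the internet to a DMZ host, which is why both directions fail together when the route is missing.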



  • Hi cmb,

    Thank you for your reply.

    My ISP had provided me with the WAN IP and /28 which is supposed to be routed as you said …. I'll follow up with them.

    Regards.

