Use Different WAN Upstream for DMZ subnet
-
I run VMs on ESXi, all pfsense routers are VMs (school lab).
I have 2 public IPs (2 routers), one for VM outbound traffic and second for DMZ (email server must be routed to internet). I need to route my outbound traffic from DMZ to router2 and the rest to router1.
Actually my LAN and DMZ traffic passes by R1, nothing by R2 (DMZ must go by R2 only)My DMZ virtual machines are behind pfsense on OPT1 interface.
My LAN virtual machines are behind pfsense on LAN interface.
My WAN interface of PFSENSE has rfc1918 ip in order to route traffic for ROUTER1 or ROUTER2 depending from which LAN traffic are coming from…Here is the topology :
Router1
WAN Public_IP1 (for VM / LAN outgoing traffic)
LAN 172.16.1.1 /24Router2
WAN Public_IP2 (for DMZ)
LAN 172.16.1.2 /24PFSENSE
-
WAN interface : 172.16.1.254 /24
Default gateway 172.16.1.1 /24 (R1)
Second gateway is 172.16.1.2 /24 (R2) -
LAN interface : 10.1.1.254 /24
-
DMZ Interface (OPT1) : 192.168.100.254 /24
]
R1 & R2 have static routes for DMZ & LAN (via pfs wan address 172.16.1.254).
I can ping R1 & R2 Lan interfaces from DMZ, LAN and Pfsense itself.
I can ping the Internet.
NAT rule on pfsense is automatic.My Gateway screen :
My Firewall DMZ rule to apply second gateway for DMZ subnet
thanks in advance
-