Rules question for DMZ setup
-
I am splitting my network into a DMZ setup using pfSense. I have set up several virtual IPs and am using 1:1 NAT and port forwards for the services on my network. The question is:
If I have a port forward for, for example, SMTP traffic from a virtual IP WAN address to an internal address in my DMZ, is it enough to use the automatically created rule in the WAN interface that allows SMTP traffic from * to 172.16.x.x, which is my internal address on the DMZ?
Or do I have to set up a rule on the DMZ interface too that does the same thing?
The same goes for the 1:1 NAT.
-
http://forum.pfsense.org/index.php/topic,7001.0.html
-
I have seen that link. =) Though, I don't believe that it answers my question. =/
-
If I have a port forward for, for example, SMTP traffic from a virtual IP WAN address to an internal address in my DMZ, is it enough to use the automatically created rule in the WAN interface that allows SMTP traffic from * to 172.16.x.x, which is my internal address on the DMZ?
Or do I have to set up a rule on the DMZ interface too that does the same thing?
@http://forum.pfsense.org/index.php/topic:
Traffic is filtered on the interface on which traffic comes in.
So traffic coming in on the LAN interface will only be processed by the rules you define on the LAN tab. So yes, a rule on the WAN should be enough.
-
You are right. The answer was sort of there. =) Since my DMZ is a private address network, all traffic from WAN first arrives on WAN and is port forwarded to DMZ.
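
An added illustration, not part of any post in this thread and not pfSense code: a simplified Python model of the packet path discussed above, in which the port forward rewrites the destination first and only the rules on the interface where the packet arrived are consulted. The addresses and the `evaluate`/`demo` names are constructed for the example; state tracking and floating rules are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrives on
    dst: str     # destination address as sent by the client
    dport: int

@dataclass(frozen=True)
class PortForward:
    in_if: str
    ext_ip: str  # virtual IP on WAN
    port: int
    target: str  # internal DMZ host

@dataclass(frozen=True)
class PassRule:
    tab: str     # interface tab the rule is defined on
    dst: str
    dport: int

def evaluate(pkt, forwards, rules):
    """NAT first, then only the ingress interface's rules; default is block."""
    dst = pkt.dst
    for f in forwards:
        if (f.in_if, f.ext_ip, f.port) == (pkt.in_if, pkt.dst, pkt.dport):
            dst = f.target  # destination is rewritten before filtering
            break
    for r in rules:
        if (r.tab, r.dst, r.dport) == (pkt.in_if, dst, pkt.dport):
            return "pass", dst
    return "block", dst

# Constructed sample values (documentation/private ranges), not from the thread.
VIP, MAIL = "203.0.113.25", "172.16.0.25"
FORWARDS = [PortForward("WAN", VIP, 25, MAIL)]
SMTP_IN = Packet("WAN", VIP, 25)

def demo():
    return {
        "wan_rule_to_internal": evaluate(SMTP_IN, FORWARDS, [PassRule("WAN", MAIL, 25)]),
        "wan_rule_to_vip": evaluate(SMTP_IN, FORWARDS, [PassRule("WAN", VIP, 25)]),
        "dmz_rule_only": evaluate(SMTP_IN, FORWARDS, [PassRule("DMZ", MAIL, 25)]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the WAN rule that names the internal address passes the packet; in this model the DMZ tab would matter only for connections that arrive on the DMZ interface, that is, ones the DMZ host itself initiates.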