DMZ – how do I setup incoming/outgoing for VLANs?
My DMZ interface on pfSense is 10.0.0.1.
I have several machines that need to go in/out of this interface but they are across different subnets/VLANs…
Server 1: 10.0.0.50 (VLAN1)
Server2: 10.0.1.50 (VLAN2)
Server3: 10.0.2.50 (VLAN3)
Where do I start? I am new to pfSense and could use some help setting this up!
Interface –> Assign --> VLANs
Create the needed VLANs on the physical interfaces.
After you created the VLANs you can assign them under
Interface --> Assign
and the VLANs will appear as a new interface.
Please dont mix VLAN traffic and untagged traffic on the same physical interface.
OPT1 vlan10 on vr0
OPT2 vlan20 on vr0
OPT3 vlan30 on vr0
interfaces: vr0, vr1
OPT1 vlan10 on vr1
OPT2 vlan20 on vr1
OPT3 vlan30 on vr1
Just to sum it up. You will then have 3 DMZ nic's on pfsense.
Some wink guides to watch.
Wow! Thanks for the quick response!
Maybe I am thinking about this the wrong way?
I have some VMWare VMs that I am trying to keep separated (not able to see each other).
I figured VLAN was a good way to do this…
I setup my first VM with an IP address of 10.0.1.1. It is currently attached to the DMZ interface on the pfSense box through a switch. But I can't get it out to the internet...
When I try to ping 10.0.0.1 (DMZ interface IP) it says "network not found"?
Is there a better/easier way to accomplish what I want to do?
Might help http://www.vmware.com/pdf/esx3_vlan_wp.pdf
HEY THANKS FOR THE INFO!
So my DMZ IP address is 10.0.0.1.
My VLAN 100 is subnet 10.0.1.x
When I setup some Linux Servers on VLAN 100, can I use 10.0.0.1 as the default gateway? Can I also use 10.0.0.1 as the DNS server address?
I wonder if you could help me with 1 more thing… I am used to setting up 1:1 NATs on a commercial firewall (cough sonicwall cough) ...
I wonder how I do 1:1 NAT with pfSense... I gave it a whirl and it didn't work quite right?
Basically I just need to forward a public IP straight to the DMZ private IP (on the VLANS you helped me setiup above)....
I have a block of 8 public IPs coming in my WAN port so I think I need to setup what pfSense refers to as a "virtual IP" for each of my public IPs (that is not the WAN IP address)?
How is the best way to forward ALL traffic from a PUBLIC IP straight to the DMZ private IP? (each server is hardend with it's own built in firewall)...
Thanks again for the help!