WAN to DMZ totally dead



  • My network is as follows:
    WAN - Static IP to DSL router
    LAN - 192.168.0.0/24
    DMZ - 209.166.88.48/28

    Brand new install to hard drive from Live CD 1.2.2

    Traceroute to the main machine in the DMZ (209.166.88.50) gets to the DSL router and dies. (Mostly timeouts, some "Icmp checksum is wrong")

    Web access to both servers (.50 and .51) from the LAN is perfect.

    All outgoing access from the DMZ appears to be fine.

    Mail queued on the server when the previous firewall died has all been sent, but none has been received. Mail that was already on the server was properly picked up from the LAN by a POP3 client.

    I've put all kinds of rules for the OPT1 and WAN interfaces allowing access to the OPT1 network or to the specific hosts in OPT1, nothing gets through.

    I haven't messed with much of anything other than basic options and rules. No static routes, but the system appears to be aware of all devices that are active and connected to any of the three interfaces.

    Yes, I'm getting nervous!

    Van



  • Could you show screenshots of your rules?



  • Traceroute to the main machine in the DMZ (209.166.88.50) gets to the DSL router and dies. (Mostly timeouts, some "Icmp checksum is wrong")

    Traceroute from where? (Presumably the internet.) You don't say anything about the DSL router. It's common that these need to be configured to allow access from the internet. (Default is often to NOT allow access from the internet unless that access matches something initiated from the non-Internet side.)



  • It turns out that there was a configuration error upstream, so nothing was getting to the firewall from the outside at all. I'm sure there's some tuning to do, but I'm extremely happy with the job that pfSense is doing now.

    Van

