  • I have pfsense set up with WAN, LAN, and DMZ. WAN and LAN traffic are both working as they should. However, the DMZ seems to be completely blocked.

    I have rules that allow all LAN traffic to DMZ, blocks all DMZ traffic to the LAN, and one to all allow all


    I cannot access the DMZ from the LAN. I can ping the DMZ nic but cannot ping anything beyond it.

    Nothing in the DMZ can get anywhere. Watching tcpdump on the interface, I can see DNS requests being sent. I can also see those queries hitting the WAN interface and replies coming back but nothing is ever returned to the DMZ.

    I'd appreciate a clue or two.

    Thank you

  • @thrashcardiom What is the situation in your LAN rules tab?

  • Just an Lan to any rule at this stage.

    I advise to take a 5 minute test :
    Backup you config.
    Reset pfSense to default.
    Setup you WAN.
    Knowing that LAN has - setup your OPT1 or DMZ to - check DHCP on your OPT1 /or DMZ interface.
    Copy exactly the default firewall rule that you can find on the LAN Firewall tab to your OPT1 or DMZ firewall rule tab.
    This is a basic any to any rule.

    Now, LAN behaves equal to DMZ : both can access Internet - both can access each other.

    Afterwards : add your changes step by step - test each step - don't think it's ok, use the principle that's it is wrong until proven otherwise.

    Btw : your image, what interface it ??

  • @Gertjan I'll give that a go later today. The rules showing in the image are the DMZ rules.

  • Working now. Helps if you don't set the DMZ IP to be /32 instead of /24

