Netgate Discussion Forum

    No LAN connection on dual firewall DMZ setup

      GermanSoldierDE

      Dear Netgate community,

      For a small project, I set up a dual pfSense DMZ network as shown below:
      05b89e8d-90db-413a-b8db-0c304cbca628-image.png
      The gateway for the 172.30.192.0/20 network is set to 172.30.207.254, and the rules of both firewalls are configured in a way that should allow basic web traffic.
      My problem now is that every device except those on the 192.168.2.0/24 network, which is a LAN, connects to the internet and to each other successfully.
      My guess would be that I need to route the 192.168.2.0 network to the 172.30.172.0 network, or is pfSense doing that on its own? I already tried that with static routes, which didn't resolve the problem.
      Thanks for the help!

        viragomann @GermanSoldierDE

        @GermanSoldierDE said in No LAN connection on dual firewall DMZ setup:

        My guess would be that I need to route the 192.168.2.0 network to the 172.30.172.0 network,

        Can't see 172.30.172.0 in your drawing. Anyway, you can only route something to an IP, not to a network.

        How to go on here depends on whether you want a routing environment or a natting one.
        You do obviously already NAT on the internet router and on firewall B. NAT has to be done for both directions, for upstream and downstream packets.
        pfSense does NAT by default on the WAN gateway. That means, packets from the LAN behind get the WAN IP as source when they are going out the WAN interface. So I'm wondering that it doesn't work.
        This is done by the Outbound NAT. Firewall > NAT > Outbound.

        If you want a routing environment, you have to add routes and should disable outbound NAT.

            GermanSoldierDE @viragomann

            @viragomann
            Thank you for your answer.
            My bad: I meant the 172.30.192.0 network.
            My problem is I can't connect the LAN to the internet from Firewall B.
            Thanks.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.