Wrong configuration, but it works partially

Farisse

Yeah i know, ... but i have to make my virtual network work.

I couldn't make it. Still searching a solution about how to make it work with this configuration :/

stephenw10

It will probably work fine with 4 layers if NAT, it's just ugly. Any of the solutions I suggested above will work here.

johnpoz

I'm I missing a nat?

internet - 1 Nat (company) -- (hyperV 2nd nat) -- (pfsense 3rd Nat)

stephenw10

Nah, probably me double counting at 2am!

Farisse

Thank you very much guys for replying !! Really big thanks !

I just hang up with IT of my school and it seems that exactly as you thought someone is using the same IP as me.

He uses DHCP IP 10.3.17.4. Thats why sometimes it was working for me and sometimes not.

I could not figure out it was used, because even if i tried to ping i didn't receive an answer.

The IT person checked the logs and saw someone else was using it on another VM.

What I did to solve the problem: easy... you know it, I changed my IP. I am now using 10.3.17.250 who is not used by nobody in the network and it seems to be working (hope it will work until Monday midnight cross fingers!)

So I think my problem is solved !

I just have a stupid question about firewall rules to be sure i did not misunderstand it

I got 3 networks LAN, Guest(WIFI) and DMZ.

The DMZ should have acces to internet or not ? Every connection is allowed to the DMZ but what is allowed to go outside the dmz ?

Thank you very very very much guys !!! (if you are coming to Brussels i'll offer you a beer ! )

stephenw10

@Farisse said in Wrong configuration, but it works partially:

10.3.17.250

Is that IP outside the DHCP range? If not it may fail again.

Whether or not the DMZ gas access to the internet is up to you. What is in it? Do those hosts need top pull OS updates for example? They will need to access the internet for that then or maybe some local update server if you have that.

Steve

Farisse

Its inside the DHCP range, but apparently the IT guy told me that this IP has never been used by anyone. So I have a lot more chance that nobody will use it (we are 10 working on this DHCP range but no communication). So it may fail again, but the chance for someone using the same ip as me right know is low (hope to keep it like this)

I only have an webserver running on port 80. So I could let it open to update my wordpress but otherwise there is no specific rule for a DMZ that cannot acces to internet right ?

stephenw10

If you don't have a rule on the DMZ interface allowing it the server will not be able to connect out.
A web server is exactly the sort of thing that should stay updated though. Especially if it's open to public access.

Steve

Farisse

@stephenw10 Great ! Its as I expected, Thank you very much for your answers !

Farisse