Netgate Discussion Forum

    DMZ 1:1 NEED HELP DESPERATELY

    • Feenix

      Hello guys, please help me here. I read through miles of blogs and still could not figure out what I am doing wrong.

      All my port forwarding works fine. The machine 192.168.2.8 can receive SSH connections, and this machine can go out to the internet.

      Q1) However, anything under my DMZ 10.1.1.1 network, which is NATed 1:1, cannot go out. It can ping the gateway 10.1.1.1; however, I cannot ping it from the gateway.

      Q2) I can ping the virtual IPs as long as they are not assigned in 1:1 NAT. The moment I assign them, for instance

      10.1.1.52  <-- 207.x.x.52   (1:1) NAT, I cannot ping this WAN IP.

      Please help!!!

      em0 --> WAN   207.x.x.50        GW --> 207.x.X.49
      em1 --> LAN   192.168.2.1 /24  
      em2 --> DMZ   10.1.1.1 /24      GW --> 207.x.X.49

      VIRTUAL IP    207.x.x.51    CARP
      VIRTUAL IP    207.x.x.52    CARP
      VIRTUAL IP    207.x.x.53    CARP
      VIRTUAL IP    207.x.x.59    CARP

      LAN
      ALLOW PROTO=ICMP,    SRC=, PORT=, DEST=, PORT=, GATEWAY=,
      ALLOW PROTO=TCP/UDP  SRC=, PORT=, DEST=, PORT=, GATEWAY=,

      WAN
      ALLOW PROTO=ICMP,       SRC=, PORT=, DEST=, PORT=, GATEWAY=*
      ALLOW PROTO=TCP/UDP,    SRC=, PORT=, DEST=, PORT=, GATEWAY=*

      DMZ (opt)

      ALLOW PROTO=ICMP,         SRC=, PORT=,                  DEST=,             PORT=,    GATEWAY=*
      ALLOW PROTO=TCP/UDP,    SRC=, PORT=,                  DEST=,             PORT=,    GATEWAY=*
      ALLOW PROTO=TCP/UDP,    SRC=207.x.x.59,    PORT=, DEST=10.1.1.52, PORT=,    GATEWAY=*
      ALLOW PROTO=TCP/UDP,    SRC=,                  PORT=, DEST=10.1.1.52, PORT=80,  GATEWAY=*

      FIREWALL: NAT: PORT FORWARD

      IF=WAN, PROTO=TCP/UDP, EXT. PORT RANGE= 22(SSH), NAT IP= 192.168.2.8 (EXT.:207.47.125.51), INT. PORT RANGE=22(SSH)

      1:1
      INTERFACE=WAN,  EXTERNAL IP= 207.x.X.58 /32,  INTERNAL IP=10.1.1.52/32

      OUTBOUND

      AUTOMATIC OUTBOUND NAT RULE GENERATION (IPSEC PASSTHROUGH)

      [#] MANUAL OUTBOUND NAT RULE GENERATION (ADVANCED OUTBOUND NAT (AON))

      INTERFACE=WAN, SRC=192.168.2.0/24, SRC PORT=, DESTINATION PORT=, NAT ADDRESS=207.X.X.51, NAT PORT=*, STATIC PORT=NO

      • Eugene

        Probably you just need to add outgoing NAT:
        INTERFACE=WAN, SRC=10.1.1.0/24, SRC PORT=, DESTINATION PORT=, NAT ADDRESS=207.X.X.51, NAT PORT=*, STATIC PORT=NO

        http://ru.doc.pfsense.org
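
The check behind this reply, as an added example that is not part of the thread: with manual outbound NAT, only the listed source networks are translated on WAN, so an audit can compare internal subnets against the outbound rules and each 1:1 external address against the virtual IP list. The function name, finding labels and the 203.0.113.N addresses (standing in for the masked 207.x.x.N values) are assumptions made for illustration.

```python
import ipaddress as ip

def audit_nat(internal_nets, outbound_sources, one_to_one, vips):
    """Audit a manual-outbound-NAT layout; return a list of finding tuples."""
    findings = []
    rules = [ip.ip_network(s) for s in outbound_sources]
    binat = {ip.ip_address(i): ip.ip_address(e) for i, e in one_to_one.items()}
    vip_set = {ip.ip_address(v) for v in vips}

    # In manual mode only the listed sources are translated on WAN.
    for name, cidr in internal_nets.items():
        net = ip.ip_network(cidr)
        if not any(net.subnet_of(r) for r in rules):
            # Hosts with a 1:1 entry are translated by that entry instead.
            via_1to1 = sorted(str(h) for h in binat if h in net)
            findings.append(("no-outbound-nat", name, cidr, via_1to1))

    # Assumption: external addresses sit in the WAN subnet (not routed to the
    # firewall), so each one needs a virtual IP to be reachable.
    for inside, outside in binat.items():
        if outside not in vip_set:
            findings.append(("1to1-without-vip", str(inside), str(outside)))
    return findings

# Constructed sample: the thread's layout, with the masked 207.x.x.N
# addresses replaced by 203.0.113.N (documentation range).
INTERNAL = {"LAN": "192.168.2.0/24", "DMZ": "10.1.1.0/24"}
ONE_TO_ONE = {"10.1.1.52": "203.0.113.58"}
VIPS = ["203.0.113.51", "203.0.113.52", "203.0.113.53", "203.0.113.59"]
BEFORE = ["192.168.2.0/24"]        # outbound rule shown in the question
AFTER = BEFORE + ["10.1.1.0/24"]   # plus the rule suggested in the reply

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_nat(INTERNAL, rules, ONE_TO_ONE, VIPS))
```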
