DMZ access to LAN and WAN trouble
kelix-10 last edited by
Hi, I am trying to set up a DMZ with pfSense and have run into some issues. Currently I have access to the internet from my LAN, but I can’t get access either to or from my DMZ from any other location. As of now, I set up a rule to allow all from the DMZ & LAN (for testing purposes), and configured manual NAT for the networks.
I can ping the pfSense interface for the DMZ from both the switch on the DMZ, and from the LAN.
I don’t think this is overly relevant, but just in case it is: I had to configure static routes on pfSense and the routers in the LAN to get access to the internet from anything on the other side of the routers.
I also have RIP set up in pfSense for both the DMZ and LAN, and have RIP / OSPF redistribution on the Morrisville router.
When I run a traceroute, it will make it to the pfSense LAN interface, but not any farther (when I try to get access from the LAN), and it will make it to the DMZ interface but not any farther when testing from there.
Attached are screenshots of NAT settings, the LAN rule, WAN rule, and my network configuration.
For the screenshot of what I have right now for NAT, the 172.16.0.0/16 is for all LAN connections, the 172.16.72.0/22 is specifically a remote network connecting through the LAN interface, and the 10.0.0.0/8 is for the DMZ.
The 172.16.0.0/16 is the rule I have set up for our LAN network (which has internet connectivity).
The 10.0.0.0/8 is the rule I have set up for the DMZ interface, which does not seem to work.
Any help or insight would be highly appreciated!
![current NAT.PNG](/public/imported_attachments/1/current NAT.PNG)
![LAN rule.PNG](/public/imported_attachments/1/LAN rule.PNG)
![DMZ rule.PNG](/public/imported_attachments/1/DMZ rule.PNG)
![Network picture 2.PNG](/public/imported_attachments/1/Network picture 2.PNG)
phospher last edited by
Not that this helps at all, but why do you have static routes set up if you're using RIP and OSPF?
kelix-10 last edited by
It wasn't routing out to the internet (except the router, which could) before I added the static routes.
Eugene last edited by
From which IP 172.16.x.x are you trying to ping which IP 10.x.x.x?
Your second rule in NAT will never be applied, but this is not a problem now.
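
Added example, not part of the thread: a small check for the shadowing Eugene points out, where a first-match rule list puts 172.16.0.0/16 ahead of 172.16.72.0/22. The rule order is assumed from the order the networks are listed in the post (the screenshot is not available), the rule names are made up, and matching is simplified to source network only.

```python
import ipaddress

# Constructed rule list: source networks in the order the post lists them
# (assumed to match the NAT screenshot). Names are illustrative only.
OUTBOUND_NAT_RULES = [
    ("LAN", "172.16.0.0/16"),
    ("remote network via LAN", "172.16.72.0/22"),
    ("DMZ", "10.0.0.0/8"),
]


def parse(rules):
    """Turn (name, cidr) pairs into (name, ip_network) pairs."""
    return [(name, ipaddress.ip_network(cidr)) for name, cidr in rules]


def find_shadowed(rules):
    """Return (shadowed, shadowed_by) pairs for rules whose source network is
    fully covered by an earlier rule, so first-match evaluation never reaches them."""
    parsed = parse(rules)
    shadowed = []
    for i, (name, net) in enumerate(parsed):
        for earlier_name, earlier_net in parsed[:i]:
            if net.version == earlier_net.version and net.subnet_of(earlier_net):
                shadowed.append((name, earlier_name))
                break
    return shadowed


def first_match(rules, source_ip):
    """Name of the first rule whose source network contains source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    for name, net in parse(rules):
        if addr in net:
            return name
    return None


if __name__ == "__main__":
    for name, by in find_shadowed(OUTBOUND_NAT_RULES):
        print(f"rule '{name}' is never applied: covered by earlier rule '{by}'")
    # A host in 172.16.72.0/22 still hits the broader /16 rule first.
    print(first_match(OUTBOUND_NAT_RULES, "172.16.73.10"))
```

Moving the more specific /22 rule above the /16 rule is what makes it reachable; the check then reports nothing.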