DMZ access to LAN and WAN trouble



  • Hi, I am trying to set up a DMZ with pfSense and have run into some issues. Currently I have access to the internet from my LAN, but I can't get access either to or from my DMZ from any other location. As of now, I set up a rule to allow all from the DMZ and LAN (for testing purposes), and configured manual NAT for the networks.

    I can ping the pfSense interface for the DMZ from both the switch on the DMZ, and from the LAN.

    I don’t think this is overly relevant, but just in case it is; I had to configure static routes on pfSense and the routers in the LAN to get access to the internet from anything on the other side of the routers.

    I also have RIP set up in pfSense for both the DMZ and LAN, and have RIP / ospf redistribution on the Morrisville router.

    When I run a traceroute, it will make it to the pfSense LAN interface but not any farther (when I try to get access from the LAN), and it will make it to the DMZ interface but not any farther when testing from there.

    Attached are screenshots of the NAT settings, the LAN rule, the WAN rule, and my network configuration.

    For the screenshot of what I have right now for NAT, the 172.16.0.0/16 is for all LAN connections, the 172.16.72.0/22 is specifically a remote network connecting through the LAN interface, and the 10.0.0.0/8 is for the DMZ.

    The 172.16.0.0/16 is the rule I have set up for our LAN network (which has internet connectivity).

    The 10.0.0.0/8 is the rule I have set up for the DMZ interface, which does not seem to work.

    Any help or insight would be highly appreciated!
    -Seamus

    ![current NAT.PNG](/public/imported_attachments/1/current NAT.PNG)
    ![LAN rule.PNG](/public/imported_attachments/1/LAN rule.PNG)
    ![DMZ rule.PNG](/public/imported_attachments/1/DMZ rule.PNG)
    ![Network picture 2.PNG](/public/imported_attachments/1/Network picture 2.PNG)



  • Not that this at all helps, but why do you have static routes set up if you're using RIP and OSPF?



  • It wasn't routing out to the internet (except the router, which could) before I added the static routes.



  • From which IP 172.16.x.x are you trying to ping which IP 10.x.x.x?
    Your second rule in NAT will never be applied, but this is not a problem now.
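
    The remark that the second NAT rule is never applied comes from first-match evaluation: pfSense walks the outbound NAT rules top to bottom on the outbound interface and uses the first one whose source matches, so a rule whose source network sits inside an earlier rule's source network is shadowed. The following script is an added example (not code from the thread or from pfSense) that models that evaluation and flags shadowed rules. The rule list is constructed from the thread's description; the rule order, the fact that all three are attached to the WAN interface, and the sample source addresses are assumptions.

    ```python
    from dataclasses import dataclass
    from ipaddress import IPv4Network, ip_address, ip_network


    @dataclass(frozen=True)
    class NatRule:
        """One outbound NAT rule: evaluated on `interface`, matches `source`."""
        interface: str
        source: IPv4Network
        description: str


    # Constructed to mirror the thread's description of the manual outbound NAT
    # table. The ordering and the WAN interface are assumptions, since the
    # screenshot itself is not available here.
    RULES = [
        NatRule("WAN", ip_network("172.16.0.0/16"), "LAN"),
        NatRule("WAN", ip_network("172.16.72.0/22"), "remote network via LAN"),
        NatRule("WAN", ip_network("10.0.0.0/8"), "DMZ"),
    ]


    def first_match(rules, interface, src_ip):
        """Return the first rule on `interface` whose source contains `src_ip`,
        or None when no rule matches (first-match semantics, as pfSense uses)."""
        addr = ip_address(src_ip)
        for rule in rules:
            if rule.interface == interface and addr in rule.source:
                return rule
        return None


    def shadowed_rules(rules):
        """Return (shadowed_index, shadowing_index) pairs: a later rule whose
        source network is fully contained in an earlier rule's source network
        on the same interface can never be reached."""
        found = []
        for later_idx, later in enumerate(rules):
            for earlier_idx in range(later_idx):
                earlier = rules[earlier_idx]
                if (earlier.interface == later.interface
                        and later.source.subnet_of(earlier.source)):
                    found.append((later_idx, earlier_idx))
                    break  # report only the first rule that shadows it
        return found


    def report(rules):
        """Human-readable summary of shadowed rules for a quick config review."""
        lines = []
        for shadowed, by in shadowed_rules(rules):
            lines.append(
                f"rule {shadowed} ({rules[shadowed].description}, "
                f"{rules[shadowed].source}) is never reached: "
                f"rule {by} ({rules[by].description}, {rules[by].source}) "
                "matches first"
            )
        return lines


    if __name__ == "__main__":
        for line in report(RULES):
            print(line)
        for ip in ("172.16.72.10", "10.1.2.3", "192.168.1.1"):
            hit = first_match(RULES, "WAN", ip)
            print(ip, "->", hit.description if hit else "no NAT rule")
    ```

    The same container check is the one to run on any first-match list (firewall rules, not only NAT): a more specific rule placed below a broader one on the same interface is dead configuration, and in a DMZ design that is also the kind of mistake that silently widens what a broad "allow all" rule covers.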

