Netgate Discussion Forum

    DMZ access to LAN and WAN trouble

      kelix-10

      Hi, I am trying to set up a DMZ with pfSense and have run into some issues. Currently I have access to the internet from my LAN, but I can’t get access either to or from my DMZ from any other location. As of now, I set up a rule to allow all from the DMZ & LAN (for testing purposes), and configured manual NAT for the networks.

      I can ping the pfSense interface for the DMZ from both the switch on the DMZ, and from the LAN.

      I don’t think this is overly relevant, but just in case it is: I had to configure static routes on pfSense and the routers in the LAN to get access to the internet from anything on the other side of the routers.

      I also have RIP set up in pfSense for both the DMZ and LAN, and have RIP/OSPF redistribution on the Morrisville router.

      When I run a traceroute, it will make it to the pfSense LAN interface, but not any farther (when I try to get access from the LAN), and it will make it to the DMZ interface but not any farther when testing from there.

      Attached are screenshots of NAT settings, the LAN rule, WAN rule, and my network configuration.

      For the screenshot of what I have right now for NAT, the 172.16.0.0/16 is for all LAN connections, the 172.16.72.0/22 is specifically a remote network connecting through the LAN interface, and the 10.0.0.0/8 is for the DMZ.

      The 172.16.0.0/16 is the rule I have set up for our LAN network (which has internet connectivity).

      The 10.0.0.0/8 is the rule I have set up for the DMZ interface, which does not seem to work.

      Any help or insight would be highly appreciated!
      -Seamus

      ![current NAT.PNG](/public/imported_attachments/1/current NAT.PNG)
      ![LAN rule.PNG](/public/imported_attachments/1/LAN rule.PNG)
      ![DMZ rule.PNG](/public/imported_attachments/1/DMZ rule.PNG)
      ![Network picture 2.PNG](/public/imported_attachments/1/Network picture 2.PNG)

        phospher

        Not that this helps at all, but why do you have static routes set up if you're using RIP and OSPF?

          kelix-10

          It wasn't routing out to the internet (except the router, which could) before I added the static routes.

            Eugene

            From which IP 172.16.x.x are you trying to ping which IP 10.x.x.x?
            Your second rule in NAT will never be applied, but this is not a problem now.

            http://ru.doc.pfsense.org
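
An added example, not part of the thread and not pfSense code, showing one explanation consistent with the remark about the second NAT rule: outbound NAT rules are evaluated top-down with the first match winning, so a rule whose source network lies inside an earlier rule's network is never reached. The rule names and their order are assumptions taken from the order the networks are listed in the first post; interface, destination and port criteria are ignored.

```python
import ipaddress

# Constructed from the thread: source networks in the order the first post
# lists them. The real order is only visible in the screenshot (assumption).
RULES = [
    ("LAN", "172.16.0.0/16"),
    ("remote via LAN", "172.16.72.0/22"),
    ("DMZ", "10.0.0.0/8"),
]


def parse(rules):
    return [(name, ipaddress.ip_network(cidr)) for name, cidr in rules]


def first_match(rules, source_ip):
    """Name of the first rule whose source network contains source_ip."""
    addr = ipaddress.ip_address(source_ip)
    for name, net in parse(rules):
        if addr in net:
            return name
    return None


def shadowed(rules):
    """Return (shadowed_rule, shadowing_rule) pairs.

    A rule is shadowed when a single earlier rule's source network fully
    contains its own, so first-match evaluation can never select it.
    Coverage by a union of several earlier rules is not checked here.
    """
    parsed = parse(rules)
    pairs = []
    for i, (name, net) in enumerate(parsed):
        for earlier_name, earlier_net in parsed[:i]:
            if net.version == earlier_net.version and net.subnet_of(earlier_net):
                pairs.append((name, earlier_name))
                break
    return pairs


def reorder_specific_first(rules):
    """Stable sort, longest prefix first, so narrower rules are tested first."""
    return sorted(rules, key=lambda r: -ipaddress.ip_network(r[1]).prefixlen)


if __name__ == "__main__":
    print("shadowed:", shadowed(RULES))
    print("172.16.73.10 matches:", first_match(RULES, "172.16.73.10"))
    print("after reorder:", first_match(reorder_specific_first(RULES), "172.16.73.10"))
```
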
