Netgate Discussion Forum

    Communication issues between WAN and DMZ

      SGracia

      Hi!

      I'm new here and a bit desperate with an exercise I have on hand. The exercise consists of the following:

      Using VirtualBox, we have to create:

      • A WAN network (where a machine will be, in this case, Kali)
      • A LAN network (where another machine will be, and which the Kali machine can also connect to)
      • A DMZ network (where a Metasploitable machine will be, and which the Kali machine can also connect to)

      The idea, evidently, is as follows:

      • From the WAN: be able to communicate with the DMZ, but not with the LAN.
      • From the LAN: be able to communicate with both the WAN and the DMZ.
      • From the DMZ: be able to communicate with the WAN, but not with the LAN.

      So, in VirtualBox, I configured three interfaces, one for each of the networks. The only peculiarity is that both the LAN and the DMZ have the DHCP server disabled, as I manually configured their IPs:

      • LAN: 10.0.3.x
      • DMZ: 10.0.2.x
      • WAN: 10.0.4.x

      In the Firewall rules, I have configured the following (the version of pfSense I am using is 2.7.2):

      alt text

      When testing with ping, everything works as it should, except when I reach the WAN and try to ping the DMZ. In this case, I get no response, and I don't know why. Any ideas? Is there something wrong with the rules? Should I check something else? I'm quite new to all this, so I'm a bit lost.

      Thank you very much!

        stephenw10 Netgate Administrator

        What gateway is the Kali client in the WAN subnet using?
        Normally in a WAN you'd expect it to use the upstream gateway, so an ISP or here probably the VBox NAT gateway. And if that is the case then Kali would have no route to the DMZ subnet behind pfSense.

        Steve

          SGracia @stephenw10

          Thank you for your response, Steve.

          The gateway of my Kali is 10.0.4.1 (I understand that it's the VBox NAT gateway).

          I have the networks configured like this.

          imagen_2024-05-17_180646557.png

          So, is this the problem? How can I solve it?

          Thanks!

            stephenw10 Netgate Administrator

            Well, one way to solve it would be to add a static route to 10.0.2.0/24 via the pfSense WAN IP address on the Kali client directly.

            You probably don't want the DMZ or LAN networks to be 'NAT' in VBox either. Those should be internal only networks that are only accessible via pfSense. That wouldn't prevent the WAN to DMZ ping though.

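Added example, not part of any post in the thread: a small longest-prefix-match model of the Kali client's routing table, showing why DMZ traffic went to the VBox NAT gateway and what the static route changes. The pfSense WAN address `10.0.4.2` and the host addresses are assumed placeholders, since the thread never states them.

```python
import ipaddress

VBOX_NAT_GW = "10.0.4.1"      # Kali's default gateway, from the thread
PFSENSE_WAN_IP = "10.0.4.2"   # placeholder: the thread does not give this address

# (prefix, gateway); gateway None means directly connected (on-link).
KALI_ROUTES = [
    ("0.0.0.0/0", VBOX_NAT_GW),
    ("10.0.4.0/24", None),
]

def lookup(routes, dst):
    """Return the gateway chosen for dst by longest-prefix match.

    Returns "on-link" for a connected network and None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    if best_net is None:
        return None
    return best_gw or "on-link"

def add_static_route(routes, prefix, gateway):
    """Return a new table with prefix via gateway; the gateway must be on-link."""
    connected = [r for r in routes if r[1] is None]
    if lookup(connected, gateway) != "on-link":
        raise ValueError(f"gateway {gateway} is not on a connected network")
    return routes + [(str(ipaddress.ip_network(prefix)), gateway)]

if __name__ == "__main__":
    dmz_host = "10.0.2.10"    # constructed DMZ address
    lan_host = "10.0.3.10"    # constructed LAN address
    # Before: only the default route matches, so the packet goes to the
    # VBox NAT gateway, which has no path to the subnet behind pfSense.
    print("DMZ before:", lookup(KALI_ROUTES, dmz_host))
    # After: the /24 is more specific than 0.0.0.0/0 and wins.
    fixed = add_static_route(KALI_ROUTES, "10.0.2.0/24", PFSENSE_WAN_IP)
    print("DMZ after: ", lookup(fixed, dmz_host))
    # The LAN subnet gets no static route and still follows the default route.
    print("LAN after: ", lookup(fixed, lan_host))
```

On the Kali client itself the corresponding change is `ip route add 10.0.2.0/24 via <pfSense WAN IP>`; whether the traffic is then passed is still decided by the pfSense WAN rules.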
              SGracia @stephenw10

              That worked! Thank you very much, Steve!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.