[Solved] Routing between LAN & DMZ
Just changed my ISP and upgraded to pfSense+ (was on CE). I have a LAN and a DMZ, previous config worked fine... moved the 1:1 NAT to the new ISP address mapping (static /29 pool), and apparently the LAN can't talk to the DMZ and vice versa... the LAN can talk to the DMZ pfSense interface (10.4.14.1) no problem, but cannot reach any hosts on the /29 of the DMZ network. Both the LAN and the DMZ can reach the internet without issue. I'm not yet certain if the WAN can reach the DMZ - more important for now that the LAN can reach it.
Probably missed a configuration somewhere, but I can't think of what it may be.
Neither the LAN nor the DMZ have a gateway assigned (which should be correct). The LAN has a "pass anything outbound" rule which appears to work to reach the internet. The DMZ has a rule to allow anything out that's not touching the LAN, which appears to be working. Below is a screengrab of my LAN rules (very basic settings).
Here are my 1:1 NAT settings:
I've adjusted my Virtual IPs appropriately:
Not sure what else to check :(
EDIT: Found the problem - new ISP moved the modem to the end of the IP block rather than the start, so my gateway was wrong on the DMZ hosts after I moved my pfSense interface from .2 to .1 - adjusting the gateway on one host caused it to suddenly start responding.