Multiple ethernet nics routing

  • Hello everyone,

    I've just finished installing my first pfsense firewall.
    I have some experience with CheckPoint firewalls, but this kind of setup is new for me.

    I've installed the pfsense inside vmware esx 4i server,
    and gave the virtual machine 4 virtual nics.

    2 of them are connected to physical cables (Wan & Lan),
    but the other 2 are connected to internal virtual networks.

    The network diagram is attached for more details.

    Anyway, I'm using different IP pools for each vSwitch.

    Wan - Wan Address
    Lan - 10.0.0.x/24
    WebDMZ - 10.20.20.x/24
    SQL-DMZ - 10.30.30.x/24

    The thing is, I want the SQL server to be able to serve the web server on the SQL port.
    Until now, the only way I got it to work is setting a rule on both interfaces: "any to any allow",

    which is kind of a stupid way of setting up a rules table…

    My question is:
    Do I need to do a static route between these networks?
    How should I accomplish the design of this network?

    Help Appreciated :)


    ![My Network.png](/public/imported_attachments/1/My Network.png)

  • You don't need a static route. It should suffice to add a rule on pfsense's WEB interface to pass packets from the web server's address to the sql server's address on the appropriate ports and protocols. Your web and sql servers will both have to know the appropriate gateway and subnet mask for their subnet.
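
The single-rule setup from the reply above, as a simplified model of stateful filtering on the ingress interface with default deny (an added example, not part of the original thread and not pfSense code). The host addresses and port 1433 are assumptions, since the thread gives only the subnets and says "sql port".

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the thread names only the /24 subnets.
WEB_SERVER = "10.20.20.10"
SQL_SERVER = "10.30.30.10"
SQL_PORT = 1433  # assumption: MS SQL default port

@dataclass(frozen=True)
class Rule:
    iface: str   # interface the packet arrives on
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR
    dport: int   # destination TCP port

class Firewall:
    """Toy stateful filter: rules match on the ingress interface, default deny."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()  # connections already passed by a rule

    def handle(self, iface, src, sport, dst, dport):
        # Packets of a known connection (either direction) need no rule.
        if (src, sport, dst, dport) in self.states or \
           (dst, dport, src, sport) in self.states:
            return "pass (state)"
        for r in self.rules:  # first matching rule wins
            if (r.iface == iface
                    and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                    and r.dport == dport):
                self.states.add((src, sport, dst, dport))
                return "pass (rule)"
        return "block"

def demo():
    # One rule on the WebDMZ interface only; nothing on the SQL-DMZ interface.
    fw = Firewall([Rule("WEBDMZ", WEB_SERVER + "/32", SQL_SERVER + "/32", SQL_PORT)])
    return [
        fw.handle("WEBDMZ", WEB_SERVER, 40000, SQL_SERVER, SQL_PORT),     # web -> sql query
        fw.handle("SQLDMZ", SQL_SERVER, SQL_PORT, WEB_SERVER, 40000),     # sql reply
        fw.handle("SQLDMZ", SQL_SERVER, 40001, WEB_SERVER, 22),           # sql-initiated
        fw.handle("WEBDMZ", WEB_SERVER, 40002, SQL_SERVER, 3389),         # other port
        fw.handle("WEBDMZ", "10.20.20.99", 40003, SQL_SERVER, SQL_PORT),  # other DMZ host
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Only the first connection and its reply pass; the reply is matched by state, which is why the "any to any allow" rule on the second interface is unnecessary.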
