Netgate Discussion Forum

    Installed DMZ - error on my config

    gborrillo

      Have a basic setup with 3 interfaces:
      WAN 173.99.999.100 /29 ,
      LAN 192.168.0.1/24 , and
      OPT1 192.168.1.1/24 (DMZ web server)

      - Virtual IP created as proxy ARP: 173.99.999.102/32 on WAN interface (public static IP)

      I'm just trying to set up HTTP/S access to the DMZ, but am still unable to access it from outside my LAN.

      Rules / NAT created are shown in screenshots.

      Side note:
      I don't have any rules under my DMZ currently. All the rules shown are on the WAN interface only, other than the automatic rule for WAN access for the LAN subnet. Not sure if the rules I created should be on the DMZ interface as opposed to WAN.

      What am I missing? I am still unable to access the HTTP site from outside my LAN… PLUS I also cannot SSH into my DMZ box from within my LAN.

      Thanks.
      Attachments: fw_nat.jpg, fw_nat_outbound.jpg, fw_rules.jpg

        kpa

        Few things to try or fix:

        Turn on logging in the firewall rule and see if anything is generated in the log when you try to connect from the outside.

        On that outbound NAT rule, change the destination to any; the rules are only for outbound traffic, and destination literally means the destination address of an outgoing connection. Keep the interface on that rule as WAN because that's the interface your outgoing traffic will be leaving.

        Allow everything on the DMZ interface for now; tighten the rules later when everything is working.

        You probably want only ports 80 and 443 forwarded, not the whole range 80-443.

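The last point in kpa's reply, as an added example that is not part of the thread: a short Python audit that reads port-forward rules and reports what a range such as 80-443 exposes beyond the two intended ports. The XML layout, the DMZ host 192.168.1.10 and the function names are assumptions, and the sample rules are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample styled after the <nat> section of a pfSense config backup
# (layout assumed). 192.168.1.10 is a made-up DMZ host, not from the thread.
SAMPLE = """
<pfsense><nat>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <destination><address>173.99.999.102</address><port>80-443</port></destination>
    <target>192.168.1.10</target><local-port>80</local-port>
    <descr>web, as first configured</descr>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <destination><address>173.99.999.102</address><port>443</port></destination>
    <target>192.168.1.10</target><local-port>443</local-port>
    <descr>https only</descr>
  </rule>
</nat></pfsense>
"""

# Partial list of TCP services that fall inside 80-443 and rarely belong on a WAN.
NOTABLE = {111: "rpcbind", 135: "msrpc", 139: "netbios-ssn", 389: "ldap"}

def parse_ports(spec):
    """Return the set of ports covered by '80', '80-443' or '80:443'."""
    m = re.fullmatch(r"(\d+)(?:[-:](\d+))?", spec.strip())
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of bounds: {spec!r}")
    return set(range(lo, hi + 1))

def audit_forwards(xml_text, intended=frozenset({80, 443})):
    """List every forward that covers ports outside the intended set."""
    findings = []
    for rule in ET.fromstring(xml_text).iterfind("nat/rule"):
        ports = parse_ports(rule.findtext("destination/port", default=""))
        extra = ports - intended
        if extra:
            findings.append({
                "descr": rule.findtext("descr", default=""),
                "forwarded": len(ports),
                "unintended": len(extra),
                "notable": {p: NOTABLE[p] for p in sorted(NOTABLE.keys() & extra)},
            })
    return findings
```

Calling `audit_forwards(SAMPLE)` flags only the first rule: the range forwards 364 ports, 362 of which were never meant to reach the DMZ host.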
          gborrillo

          Roger that. Thanks for the tip. Already changed that 80-443 mishap on my end… will report back shortly. Appreciate the help.

            gborrillo

            Bravo. That did it… Working now. Now, as you said, just need to tighten it up a bit. Thank you for your assistance.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.