NAT exemption
-
Hello.
I'm trying to set up pfSense and although everything seems to be running smoothly, I do have a problem:
My WAN connection is a /29 address, in which I have some servers (let's call it a DMZ)
I then have several internal networks (VLANs), and I would like to set up pfSense so that when an internal machine tries to reach my DMZ, it is exempt from NAT. I already tried to add a new rule in the Outbound section of NAT, but with no success. Has anyone else managed to get this configuration working?
Thank you,
-
Can you show a screenshot of the rules you tried?
Do your servers in the DMZ know the route back to these VLANs?
Otherwise they don't know where to send a response to a request.
-
I attach my firewall rule.
As for the route, yes, the DMZ servers have the route back.
I just don't know how to do the exemption from pfSense. Also, looking directly with pfctl (which I am not familiar with, being an iptables guy :)), I can't seem to find this rule.
Anyone else tried this scenario?
Thank you,
-
You've set the interface to LAN.
However, outbound rules are applied on the interface on which traffic leaves.
So this should be your DMZ interface.
-
I had already tried it, but changed it again.
Then, from an internal machine, I try to access DMZ (which is also WAN for pfsense) but it still translates.
One thing I noted: if I run "pfctl -s all" I cannot see this rule. It appears it doesn't get applied.
Since I am away, I will not try a reboot now :P, but do you think this may be it?
Is there a command line version of this so that I can try "manually"?
Thank you again
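What the exemption discussed in this thread looks like in pf syntax, as an added illustration that is not taken from any post here: the interface name, the VLAN subnets and the /29 are assumed placeholders, and pfSense only loads hand-entered outbound rules when Outbound NAT is in Manual mode, which is a common reason a rule never shows up in pfctl.

```pf
# Added example, not from the thread. Assumed placeholder names:
#   em0            = WAN interface, which also carries the /29 DMZ
#   203.0.113.0/29 = the WAN /29 holding the DMZ servers
#   10.10.0.0/24, 10.20.0.0/24 = internal VLAN subnets
wan_if    = "em0"
dmz_net   = "203.0.113.0/29"
vlan_nets = "{ 10.10.0.0/24, 10.20.0.0/24 }"

# NAT rules are evaluated first-match, so the exemption must come
# BEFORE the general translation rule, and it must be bound to the
# interface the traffic leaves on (WAN/DMZ), not the VLAN interface.
no nat on $wan_if from $vlan_nets to $dmz_net

# Everything else from the VLANs is still translated to the WAN address.
nat on $wan_if from $vlan_nets to any -> ($wan_if)

# Checking from the shell (pfSense writes its generated ruleset to
# /tmp/rules.debug; path assumed from that convention):
#   pfctl -nf /tmp/rules.debug   # parse only, loads nothing
#   pfctl -s nat                 # the "no nat" line must be listed here
```

If the "no nat" line is absent from "pfctl -s nat" output after saving, the GUI did not emit it, which points at the Outbound NAT mode or the interface selection rather than at pf itself.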