DMZ and Protected on same NIC

  • Hello,

    I've been looking into creating a DMZ because a game I am playing requires my computer to be exposed (it's a really old game that uses P2P-like networked multiplayer).

    I've read tutorials for creating a DMZ using a second NIC card, and I was wondering if it was possible to set up a subnet or something that is the DMZ and have the system assigned an IP that was in the DMZ?

    I have a couple of reasons why I cannot use the third NIC for the DMZ:

    1. My pfSense box does not have any more PCI slots.
    2. My main desktop is Gentoo, but the game is an old Windows game which I am running in Windows XP under VirtualBox using a bridged interface (my VirtualBox gets its own IP from pfSense, but shares the same eth0 as my Gentoo).

    Please add any suggestions.

  • Does it have any USB ports? You could use a USB NIC. Alternatively, VLANs are what you're after, but you'll need a VLAN-capable switch.

    Note that the DMZ in this case isn't necessarily what you're thinking of. Most SOHO routers use DMZ as shorthand for forwarding all ports to that host. I doubt you'll find either VLANs or a DMZ will help you - what you really want to do is forward (just) the relevant ports to the IP of the virtual machine.

  • I've been trying to port forward the relevant ports to the client, but it seems the game wants every single port available. It randomly cycles through ports and I can't define a range (besides 0 - 65535) to port forward to my system.

    Every time I try to connect to the game, I see a new firewall log and I add the rule, but it is endless!
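    The rule-per-log-line loop described above can be shortcut by reading the blocked entries for the VM out of the firewall log and collapsing them into port ranges per protocol, which shows at a glance whether a single forward range is even definable. The following is an added example, not code from this thread or from the pfSense project: the column layout it walks is the pfSense 2.x filterlog CSV format as assumed here (check it against your own log before relying on it), and the log lines are constructed for the demonstration.

```python
"""Summarize blocked destination ports toward one internal host from a
pfSense filterlog excerpt, collapsing them into contiguous port ranges."""
from collections import defaultdict

# Constructed sample lines. Assumed pfSense 2.x filterlog CSV layout:
#   rule,sub-rule,anchor,tracker,iface,reason,action,direction,ip-version,
#   ...,protocol-id,protocol-text,length,src-ip,dst-ip,src-port,dst-port,...
# 192.168.1.50 is the game VM; 203.0.113.x are remote peers (documentation
# prefixes, constructed for this example).
SAMPLE_LOG = """\
Jan  1 12:00:01 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,17,udp,120,203.0.113.10,192.168.1.50,27015,6112,100
Jan  1 12:00:02 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12346,0,DF,17,udp,120,203.0.113.11,192.168.1.50,27015,6113,100
Jan  1 12:00:03 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,203.0.113.12,192.168.1.50,40000,6119,0,S,1,,65535,,mss
Jan  1 12:00:04 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12348,0,DF,17,udp,120,203.0.113.10,192.168.1.50,27015,6112,100
Jan  1 12:00:05 pfsense filterlog: 5,,,1000000103,em0,match,pass,in,4,0x0,,64,12349,0,DF,6,tcp,60,203.0.113.13,192.168.1.50,40001,80,0,S,1,,65535,,mss
Jan  1 12:00:06 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12350,0,DF,17,udp,120,198.51.100.7,192.168.1.51,27015,6112,100
"""


def parse_blocked(log_text, target_ip):
    """Return {protocol: set(dst_ports)} for inbound blocks aimed at target_ip."""
    blocked = defaultdict(set)
    for line in log_text.splitlines():
        if "filterlog: " not in line:
            continue
        fields = line.split("filterlog: ", 1)[1].split(",")
        # Columns 6 and 7 are action and direction in the assumed layout.
        if len(fields) < 8 or fields[6] != "block" or fields[7] != "in":
            continue
        # Locate the protocol-text column instead of hard-coding its index,
        # so the IPv4 header columns before it do not have to be counted.
        try:
            p = next(i for i, f in enumerate(fields) if f in ("tcp", "udp"))
        except StopIteration:
            continue  # not TCP/UDP (e.g. ICMP): no ports to summarize
        try:
            dst_ip, dst_port = fields[p + 3], int(fields[p + 5])
        except (IndexError, ValueError):
            continue  # truncated or malformed line
        if dst_ip == target_ip:
            blocked[fields[p]].add(dst_port)
    return blocked


def to_ranges(ports):
    """Collapse a set of ports into sorted (low, high) contiguous ranges."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def summarize(log_text, target_ip):
    """Map each protocol to the contiguous blocked port ranges seen for target_ip."""
    return {proto: to_ranges(ports)
            for proto, ports in parse_blocked(log_text, target_ip).items()}


if __name__ == "__main__":
    for proto, ranges in sorted(summarize(SAMPLE_LOG, "192.168.1.50").items()):
        spans = ", ".join(f"{lo}" if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)
        print(f"{proto}: {spans}")
```

    Passed entries and traffic to other hosts are ignored, so the output is only what the game is actually being denied; a long tail of single-port ranges after a few sessions is the signal that no bounded forward exists and that the UPnP route discussed later in the thread is the realistic alternative.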

  • You can try forwarding the entire range, however… I would expect your VM to be compromised within half an hour if it isn't fully patched and running a software firewall that only allows traffic back in that's related to the outbound traffic (which I doubt is possible from what you say).

  • UPnP might be an option if your game supports it.

  • @clarknova:

    UPnP might be an option if your game supports it.

    Is this an option I set in the game or in pfSense?

  • Possibly both. For sure you have to enable it in pfSense. The game may or may not attempt to use it automatically. If not, you may have to jump into the game preferences and turn it on. A game that is as nasty about open ports as you described almost certainly will support UPnP, unless it's so old that the developers of the time had not yet heard of firewalls ;)
