LAN –> DMZ Access



  • Hello,
    First of all wanted to say thanks for producing such a great product. I just recently setup a pfsense box and consider myself a noob. I have a WAN connection, LAN connection, and a DMZ. 
    LAN 192.168.150.1/24
    DMZ 192.168.151.1/24
    WAN- External IP/24
    LAN PC- 192.168.150.10

    All of my webservers are located in the DMZ. They are virtual box vms with bridged static connections. My issue is when I setup the LAN and DMZ areas I cannot access any DMZ machines from the LAN. I can ping the DMZ servers from the pfsense box and the LAN connection on the pfsense box but not when trying to connect from my LAN PC it gives me 1/0 match error and blocks the connection. I see this in the logs when I hit option 10 from the pfsense main menu. I have not changed the default LAN firewall rule that allows access to all ports. What do I need to do to get internet access to my DMZ machines and also have the ability to access them via ssh, rdp from the lan. I appreciate any help and look forward to picking your brains.

    Cody



  • Here is a better view of our layout. I don't think my description was good enough. So after I setup the default WAN, LAN, and DMZ what do I need to do to get access from the LAN to the DMZ and get access from WAN to DMZ. The default rules don't give me access to the DMZ from LAN even though the rule seems like it should.  It does let me ping the 192.168.151.99 ip from the pfsense ping application from the LAN interface but it doesn't ping from the 192.168.150.10 PC. I see in the pfsense logs icmp issues. Like I said before I appreciate any help you can offer. I'll update this tonight with screenshots of my firewall rules.




  • Maybe you need to supply the firewall rules.
    I think the default LAN rule is
    Allow LAN NET to *
    And that should do it.
    Otherwise you make a firewall rule in the LAN tab:
    Allow LAN NET to DMZ NET
    That should do it.


Locked