4. [pfsense]DMZ

[pfsense]DMZ

  • N

    Hello.I have server with pfsense(version is pfSense_1.2.3 ), internal ip - 172.16.0.1 , public ips scope x.x.x.18/27 .Server does NATing  for whole network 172.16.0.0/24 ) .

    This image http://img89.imageshack.us/i/testvf.png/  represents the structure of network.
    I need to set 172.16.0.9 to DMZ zone(public ip will be x.x.x.23 )

    Questions:
    1. How to realize this issue by the  correct way ?

    P.S The switches are 3400 Me.
    P.P.S x.x.x.x -  are public "white" ips.

    0
  • C

    In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

    0
  • M

    wow, that was hard to read.

    if i understood you, you'll need manual outbound nat for that one ip-address. make sure that rule is abouve default rule to make it work.
    as you like to have dmz don't forget to add 1:1nat and open up some firewall rules.

    0
  • N

    @Cry:

    In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

    Yes. i want to open internal comp to "public access" via Internet.

    0
  • N

    @Metu69salemi:

    wow, that was hard to read.

    if i understood you, you'll need manual outbound nat for that one ip-address. make sure that rule is abouve default rule to make it work.
    as you like to have dmz don't forget to add 1:1nat and open up some firewall rules.

    Yes. I think i can do this via this way: add the one public ip from my scope (for example x.x.x.21) like a virtual ip(carp mode) and then add it from 1:1 nat mode.Should i make the manual nat conf?(enable manual conf)

    0
  • M

    if you want that machine to answer with same public ip-address at any time

    0
  • N

    @Metu69salemi:

    if you want that machine to answer with same public ip-address at any time

    1.I need the CARP to do this?yes or no?
    2.And What about outbound manul mode switching?
    3. And in the 2.0  version is this easy and more clear to understand?

    P.S Sorry for somewhere stupid questions  ;)

    0
  • M

    First of all, there is no stupid guestions…

    1. I'd do it with carp or other vip, so yes
    2. Create after carp vip, assign that new vip to the one machine, which is your server. Make sure that this rule is before automatically created rule
    3. Yes it's
    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy