4. [pfsense]DMZ

[pfsense]DMZ

  • N

    Hello.I have server with pfsense(version is pfSense_1.2.3 ), internal ip - 172.16.0.1 , public ips scope x.x.x.18/27 .Server does NATing  for whole network 172.16.0.0/24 ) .

    This image http://img89.imageshack.us/i/testvf.png/  represents the structure of network.
    I need to set 172.16.0.9 to DMZ zone(public ip will be x.x.x.23 )

    Questions:
    1. How to realize this issue by the  correct way ?

    P.S The switches are 3400 Me.
    P.P.S x.x.x.x -  are public "white" ips.

    0

  • In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

    0
  • M

    wow, that was hard to read.

    if i understood you, you'll need manual outbound nat for that one ip-address. make sure that rule is abouve default rule to make it work.
    as you like to have dmz don't forget to add 1:1nat and open up some firewall rules.

    0
  • N

    @Cry:

    In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

    Yes. i want to open internal comp to "public access" via Internet.

    0
  • N

    @Metu69salemi:

    wow, that was hard to read.

    if i understood you, you'll need manual outbound nat for that one ip-address. make sure that rule is abouve default rule to make it work.
    as you like to have dmz don't forget to add 1:1nat and open up some firewall rules.

    Yes. I think i can do this via this way: add the one public ip from my scope (for example x.x.x.21) like a virtual ip(carp mode) and then add it from 1:1 nat mode.Should i make the manual nat conf?(enable manual conf)

    0
  • M

    if you want that machine to answer with same public ip-address at any time

    0
  • N

    @Metu69salemi:

    if you want that machine to answer with same public ip-address at any time

    1.I need the CARP to do this?yes or no?
    2.And What about outbound manul mode switching?
    3. And in the 2.0  version is this easy and more clear to understand?

    P.S Sorry for somewhere stupid questions  ;)

    0
  • M

    First of all, there is no stupid guestions…

    1. I'd do it with carp or other vip, so yes
    2. Create after carp vip, assign that new vip to the one machine, which is your server. Make sure that this rule is before automatically created rule
    3. Yes it's
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy