Netgate Discussion Forum

    [pfsense]DMZ

    8 Posts 3 Posters 5.4k Views
naimson:

Hello. I have a server with pfSense (version pfSense_1.2.3), internal IP 172.16.0.1, public IP scope x.x.x.18/27. The server does NATing for the whole network 172.16.0.0/24.

This image http://img89.imageshack.us/i/testvf.png/ represents the structure of the network.
I need to put 172.16.0.9 in the DMZ zone (its public IP will be x.x.x.23).

Questions:
1. How do I do this the correct way?

P.S. The switches are 3400 Me.
P.P.S. x.x.x.x are public "white" IPs.

Cry Havok:

        In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

Metu69salemi:

Wow, that was hard to read.

If I understood you, you'll need manual outbound NAT for that one IP address. Make sure that rule is above the default rule to make it work.
As you'd like to have a DMZ, don't forget to add 1:1 NAT and open up some firewall rules.

naimson:

            @Cry:

            In most home firewalls "DMZ mode" refers to completely exposing a system to the Internet - is that what you mean in this case? If not please explain what you want to do.

Yes. I want to open the internal computer to "public access" via the Internet.

naimson:

              @Metu69salemi:

Wow, that was hard to read.

If I understood you, you'll need manual outbound NAT for that one IP address. Make sure that rule is above the default rule to make it work.
As you'd like to have a DMZ, don't forget to add 1:1 NAT and open up some firewall rules.

Yes. I think I can do this the following way: add one public IP from my scope (for example x.x.x.21) as a virtual IP (CARP mode) and then add it in 1:1 NAT mode. Should I make the manual NAT conf (enable manual conf)?

Metu69salemi:

If you want that machine to answer with the same public IP address at any time.

naimson:

                  @Metu69salemi:

If you want that machine to answer with the same public IP address at any time.

1. Do I need CARP to do this? Yes or no?
2. And what about switching outbound NAT to manual mode?
3. And in the 2.0 version, is this easier and clearer to understand?

P.S. Sorry for the somewhat stupid questions ;)

Metu69salemi:

First of all, there are no stupid questions…

1. I'd do it with CARP or another VIP, so yes.
2. After creating the CARP VIP, assign that new VIP to the one machine, which is your server. Make sure that this rule is before the automatically created rule.
3. Yes, it is.
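As an added illustration of the advice in this thread (example code, not from the forum posts or from pfSense itself), a small Python model of how pf, the packet filter pfSense is built on, applies outbound NAT rules first-match, maps a 1:1 NAT VIP back to the internal host, and only then evaluates WAN pass rules. The public addresses are assumed stand-ins from the 192.0.2.0/24 documentation range for the thread's x.x.x. scope.

```python
import ipaddress

# Constructed example, not the poster's configuration. The thread's "x.x.x."
# public range is replaced by the documentation prefix 192.0.2.0/24 so the
# code runs: 192.0.2.18 stands in for the WAN address x.x.x.18 and 192.0.2.23
# for the CARP VIP x.x.x.23 that 172.16.0.9 should own.
LAN_NET = "172.16.0.0/24"
SERVER_LAN = "172.16.0.9"
WAN_ADDR = "192.0.2.18"
SERVER_VIP = "192.0.2.23"

# 1:1 NAT entries: (internal host, public VIP). Used in both directions.
ONE_TO_ONE = [(SERVER_LAN, SERVER_VIP)]

# Outbound NAT rule lists, (source network, translated address). pf evaluates
# translation rules first-match, so rule order decides which address wins.
RULES_CORRECT = [(SERVER_LAN + "/32", SERVER_VIP), (LAN_NET, WAN_ADDR)]
RULES_WRONG = [(LAN_NET, WAN_ADDR), (SERVER_LAN + "/32", SERVER_VIP)]

# WAN filter rules as (proto, destination, port). After 1:1 translation the
# filter sees the INTERNAL address, so rules name 172.16.0.9, not the VIP.
WAN_PASS = [("tcp", SERVER_LAN, 80), ("tcp", SERVER_LAN, 443)]


def outbound_nat(src, rules):
    """Return the public source address a LAN host egresses with (first match)."""
    src_ip = ipaddress.ip_address(src)
    for net, translated in rules:
        if src_ip in ipaddress.ip_network(net):
            return translated
    return src  # no rule matched: packet would leave untranslated


def inbound_1to1(dst):
    """Translate a packet arriving for a public VIP to its internal host."""
    for lan, vip in ONE_TO_ONE:
        if dst == vip:
            return lan
    return dst  # not a 1:1 address: the packet is for the firewall itself


def inbound_allowed(dst_public, proto, port):
    """Apply 1:1 translation, then check WAN pass rules (filtering runs after NAT)."""
    internal = inbound_1to1(dst_public)
    return any(p == proto and d == internal and pt == port for p, d, pt in WAN_PASS)


if __name__ == "__main__":
    print("server egress, correct order:", outbound_nat(SERVER_LAN, RULES_CORRECT))
    print("server egress, wrong order:  ", outbound_nat(SERVER_LAN, RULES_WRONG))
    print("other host egress:           ", outbound_nat("172.16.0.50", RULES_CORRECT))
    print("HTTP to VIP allowed:", inbound_allowed(SERVER_VIP, "tcp", 80))
    print("SSH to VIP allowed: ", inbound_allowed(SERVER_VIP, "tcp", 22))
```

With the server-specific rule below the default rule, the server still egresses as the shared WAN address, which is exactly the ordering mistake the answer above warns about.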
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.