• I have a pfSense 1.0.1 with 4 NICs
    LAN*                    ->  xl0    ->
    WAN*                    ->  xl1    ->      2xx.xx.x.x(DHCP) (not a private IP)
    OPT1(DMZ)*              ->  xl2    ->
    OPT2(DMZ2)              ->  xl3    ->

    I can ping the DMZ from the LAN, but not from the DMZ to the LAN (or anywhere else).
    I tried to add a rule that allows "all traffic" in the DMZ (same as the default rule in LAN):
    "tcp DMZ net * * * * " and
    "icmp * ** * "

    I also tried to "unblock" private networks in "interfaces/wan", but it didn't help.
    Any pointers?

  • There is no reason why this should not work. I have a similar setup and I am experiencing no problems. Try updating to the latest snapshot at http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

    The unblock private networks only applies to the WAN interface, and would not affect you being able to ping from your DMZ to LAN segment.

  • @Klexx:

    "tcp DMZ net * * * * " and
    "icmp * ** * "

    If you only use protocol TCP, pings won't work as they are ICMP ;)
    Default LAN rule uses any as protocol.
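
Added example, not part of the thread: a small Python model of first-match rule evaluation on one interface tab, showing what a TCP-only pass rule lets through compared with a rule whose protocol is any. The DMZ subnet, host address and packet samples are constructed assumptions; the thread does not give them.

```python
from ipaddress import ip_address, ip_network

DMZ_NET = ip_network("192.168.2.0/24")  # assumed DMZ subnet, not from the thread


def matches(rule, pkt):
    """A rule matches when both its protocol and its source cover the packet."""
    proto_ok = rule["proto"] in ("any", pkt["proto"])
    src_ok = rule["src"] == "any" or ip_address(pkt["src"]) in rule["src"]
    return proto_ok and src_ok


def evaluate(rules, pkt):
    """First matching rule wins; unmatched traffic falls to the default block."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["label"]
    return "block", "Default block all"


# The rule as first posted ("tcp DMZ net * * * *") and the any-protocol form.
TCP_ONLY = [{"action": "pass", "proto": "tcp", "src": DMZ_NET, "label": "tcp DMZ net"}]
ANY_PROTO = [{"action": "pass", "proto": "any", "src": DMZ_NET, "label": "* DMZ net"}]

# Constructed sample packets from a DMZ host.
PACKETS = {
    "ping": {"proto": "icmp", "src": "192.168.2.10"},
    "dns": {"proto": "udp", "src": "192.168.2.10", "dport": 53},
    "http": {"proto": "tcp", "src": "192.168.2.10", "dport": 80},
}


def verdicts(rules):
    """Map each sample packet name to the action the rule set gives it."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, rules in (("tcp only", TCP_ONLY), ("any proto", ANY_PROTO)):
        print(name, verdicts(rules))
```

With the TCP-only rule, both the ping (ICMP) and an ordinary DNS lookup (UDP port 53) fall through to the default block, while the any-protocol rule passes all three.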

  • Hi, TNX. I changed the default rule to " *  DMZ net * * * * ", which by my understanding should allow anything in the DMZ net (not what I wanted, but a start ;-) ), so I can now ping the fw ( ), but it now seems like it (the ping) is picked up by the ICMP ( ICMP * * **  ) rule even if the ICMP rule is located after the "allow all ( *  DMZ net * * * *  )" rule?
    But the DNS request is still blocked in the fw (ping google.com ….. can not resolve : host name lookup failure) and it's showing up in the log as blocked by @373 block drop in log quick all label "Default block all just to be sure."

  • Do you use the DNS-Forwarder or an external DNS-Server? It now really should work. Maybe try upgrading to a recent snapshot though I don't think that there is a problem with this config and 1.0.1 release.

  • I use DNS forward. I also tried to upgrade to pfSense-Full-Update-1.0.1-SNAPSHOT-02-18-2007.tgz, which resulted in a total lockdown; I had to reinstall the old 1.0.1 ;-)

  • You must have some invalid configuration. Never seen something like this before. Try restarting from scratch and recreate your config step by step and test in between the steps.