• I have a pfSense 1.0.1 with 4 NICs
    LAN*                    ->  xl0    ->      10.0.0.1
    WAN*                    ->  xl1    ->      2xx.xx.x.x(DHCP) (not a private IP)
    OPT1(DMZ)*              ->  xl2    ->      10.1.0.1
    OPT2(DMZ2)              ->  xl3    ->      10.2.0.1

    I can ping the DMZ from the LAN, but not from the DMZ to the LAN (or anywhere else).
    I tried to add a rule that allows "all traffic" in the DMZ (same as default rule in LAN)
    "tcp DMZ net * * * * " and
    "icmp * * 10.1.0.1* * "

    I also tried to "unblock" private networks in "interfaces/wan" but it didn't help.
    Any pointers?


  • There is no reason why this should not work. I have a similar setup and I am experiencing no problems. Try updating to the latest snapshot at http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

    The unblock private networks only applies to the WAN interface, and would not affect you being able to ping from your DMZ to LAN segment.


  • @Klexx:

    "tcp DMZ net * * * * " and
    "icmp * * 10.1.0.1* * "

    If you only use protocol TCP, pings won't work as they are ICMP ;)
    The default LAN rule uses any as protocol.
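
Added illustration, not part of any poster's message and not pfSense code: a simplified first-match evaluator run over the two DMZ rule sets quoted in this thread, showing which packets fall through to the default block. The /24 mask, the host addresses and the sample packets are constructed assumptions, and the model ignores ports, direction and state.

```python
import ipaddress

def _addr_ok(spec, ip):
    """'*' matches anything; otherwise spec is a network or a single host."""
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst):
    """First matching rule wins; anything unmatched hits the default block."""
    for label, r_proto, r_src, r_dst in rules:
        if r_proto in ("*", proto) and _addr_ok(r_src, src) and _addr_ok(r_dst, dst):
            return "pass", label
    return "block", "default block all"

# Rule sets as (label, protocol, source, destination).
# "DMZ net" is assumed to be 10.1.0.0/24; the thread only gives 10.1.0.1.
TCP_ONLY = [
    ("tcp DMZ net", "tcp", "10.1.0.0/24", "*"),
    ("icmp to fw", "icmp", "*", "10.1.0.1"),
]
ANY_PROTO = [
    ("any DMZ net", "*", "10.1.0.0/24", "*"),
    ("icmp to fw", "icmp", "*", "10.1.0.1"),
]

# Constructed packets from a hypothetical DMZ host 10.1.0.50.
PACKETS = [
    ("ping to LAN host", "icmp", "10.1.0.50", "10.0.0.20"),
    ("ping firewall", "icmp", "10.1.0.50", "10.1.0.1"),
    ("DNS query to forwarder", "udp", "10.1.0.50", "10.1.0.1"),
    ("HTTP to internet", "tcp", "10.1.0.50", "203.0.113.10"),
]

def compare(rules):
    """Return {packet name: (action, matching rule label)} for a rule set."""
    return {name: evaluate(rules, p, s, d) for name, p, s, d in PACKETS}

if __name__ == "__main__":
    for title, rules in (("tcp-only", TCP_ONLY), ("any-protocol", ANY_PROTO)):
        print(title)
        for name, (action, label) in compare(rules).items():
            print(f"  {name:24} {action:5} ({label})")
```
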


  • Hi, TNX. I changed the default rule to " *  DMZ net * * * * ", which by my understanding should allow anything in the DMZ net (not what I wanted, but a start ;-) ), so I can now ping the fw (10.1.0.1), but it now seems like it (the ping) is picked up by the ICMP (ICMP * * 10.1.0.1 **) rule even if the ICMP rule is located after the "allow all ( *  DMZ net * * * * )" rule?
    But the DNS request is still blocked in the fw (ping google.com ….. cannot resolve: host name lookup failure) and it's showing up in the log as blocked by @373 block drop in log quick all label "Default block all just to be sure."


  • Do you use the DNS-Forwarder or an external DNS-Server? It now really should work. Maybe try upgrading to a recent snapshot though I don't think that there is a problem with this config and 1.0.1 release.


  • I use DNS forward. I also tried to upgrade to pfSense-Full-Update-1.0.1-SNAPSHOT-02-18-2007.tgz, which resulted in total lockdown; had to reinstall the old 1.0.1 ;-)


  • You must have some invalid configuration. Never seen something like this before. Try restarting from scratch and recreate your config step by step and test in between the steps.