How can I set up a DMZ easily?



  • Okay… First, let me say what I want to accomplish.  I've got a network in my house that looks something like this:

    DSL  -->  MODEM  -->  24 port layer 2 switch -->  PfSense (vmware) -->  ESXi

    The PfSense is running under ESXi

    I've got a mail server running and right now a LAN.

    Everything is working fine as far as the internet/connections go.  My wireless is running perfectly, etc.  I've hooked up my PS3 to my network and it is in my LAN.  I've set a static IP for the PS3 by setting a dhcp static rule.

    When I play Black Ops I am getting NAT TYPE STRICT.  I realize this seems very common.  During my research I read that I needed to go in and set UPnP to enabled, so I did.  It is showing up in the settings as a TYPE 2 connection.  However, it is still saying STRICT.

    I initially thought of setting up some port forwarding, but port 80 is already being directed to my mail server.  I can't set up a port forward to 2 different IPs, can I?

    If not, how can I go about setting up a DMZ?  I searched the forum but I don't understand the OPT interfaces.  Don't really know what that is.

    Can someone please help me get this going?



  • In vSphere client create a new Virtual Machine network - no physical NICs, just a vSphere standard switch.

    Add a connection to this new vSwitch for your pfSense VM and whatever other VMs you want to talk to your DMZ (maybe your mail server?).

    pfSense will now see three networks, your WAN, LAN and OPT1 (your DMZ).

    Here's how mine looks:

    ![ScreenHunter_02 Nov. 04 14.42.jpg](/public/imported_attachments/1/ScreenHunter_02 Nov. 04 14.42.jpg)



  • Sorry, I got interrupted just now.

    Your new OPT1 interface is just like any other interface but you do have to create rules to allow VMs access out from the DMZ - to send emails for example.

    You say you have port 80 forwarded to your mail server?  I assume you have port 25 as well or just made a mistake there.

    If you only have one external IP address then you would only be able to forward any given port to one destination IP (VM or physical machine on your LAN).

    I can't answer the PS3 problem but, by default, anything on your LAN should have unrestricted access to the WAN.

    Hope that helps.

    Just re-read your post and realized you might be asking about creating a physical DMZ - which I assume would be connected to your PS3.  Not too much difference between that and creating a virtual one - you just need to join a physical NIC to that vSwitch.  It would still be OPT1 to your pfSense VM.
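The following is an added example, not code from this thread or from pfSense itself. It is a small Python model of the three-interface layout the replies describe (WAN, LAN and OPT1 as the DMZ) with pfSense-style semantics: rules are evaluated on the interface the traffic arrives on, first match wins, and anything unmatched is denied. It shows the two points made above: a fresh OPT1 interface passes nothing until you add rules (so the mail server needs an explicit outbound SMTP rule, and DMZ-to-LAN stays blocked), and a port-forward table can map one external port to only one inside host. All addresses, interface names and the mail/PS3 hosts are constructed for the example.

```python
"""Constructed model of a pfSense-style WAN / LAN / OPT1 (DMZ) rule set.
Not the project's code; addresses and names below are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional, Tuple

# Constructed topology (RFC 1918 inside, documentation range on the WAN side).
LAN_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("192.168.2.0/24")        # OPT1 / DMZ vSwitch
MAIL_SERVER = ip_address("192.168.2.25")      # VM attached to the DMZ vSwitch
PS3 = ip_address("192.168.1.50")              # static DHCP lease on the LAN
WAN_ADDR = ip_address("203.0.113.10")         # single public address


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet ARRIVES on: "wan", "lan" or "opt1"
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str
    action: str                     # "pass" or "block"
    src_net: Optional[IPv4Network]  # None means "any"
    dst_net: Optional[IPv4Network]
    proto: Optional[str]
    dport: Optional[int]
    desc: str

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and (self.src_net is None or ip_address(p.src) in self.src_net)
                and (self.dst_net is None or ip_address(p.dst) in self.dst_net)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class PortForwardTable:
    """Inbound NAT: with one public IP, (proto, external port) -> one inside host."""

    def __init__(self):
        self._map = {}

    def add(self, proto: str, ext_port: int, inside_host) -> None:
        key = (proto, ext_port)
        if key in self._map and self._map[key] != inside_host:
            # This is the "can't forward one port to two IPs" limit from the thread.
            raise ValueError(f"{proto}/{ext_port} is already forwarded to {self._map[key]}")
        self._map[key] = inside_host

    def translate(self, p: Packet) -> Packet:
        # Rewrite the destination before the WAN rules see the packet,
        # mirroring pfSense evaluating NAT before the firewall rules.
        if p.iface == "wan" and ip_address(p.dst) == WAN_ADDR:
            target = self._map.get((p.proto, p.dport))
            if target is not None:
                return Packet(p.iface, p.proto, p.src, str(target), p.dport)
        return p


# Constructed rule set, ordered per interface, first match wins.
RULES = [
    # LAN: the default "LAN to any" rule, which is why the PS3 already gets out.
    Rule("lan", "pass", LAN_NET, None, None, None, "default allow LAN to any"),
    # OPT1: a new OPT interface starts empty; keep the DMZ off the LAN and
    # allow only what the mail server needs to send mail.
    Rule("opt1", "block", DMZ_NET, LAN_NET, None, None, "DMZ may not reach LAN"),
    Rule("opt1", "pass", DMZ_NET, None, "tcp", 25, "mail server outbound SMTP"),
    Rule("opt1", "pass", DMZ_NET, None, "udp", 53, "mail server DNS"),
    # WAN: only the forwarded service is reachable; dst is the post-NAT inside host.
    Rule("wan", "pass", None, ip_network(f"{MAIL_SERVER}/32"), "tcp", 25, "inbound SMTP"),
]


def evaluate(p: Packet, rules=RULES, pf: Optional[PortForwardTable] = None) -> Tuple[str, str]:
    """Return (action, final destination). Unmatched traffic is denied, as in pfSense."""
    if pf is not None:
        p = pf.translate(p)
    for r in rules:
        if r.matches(p):
            return r.action, p.dst
    return "block", p.dst


if __name__ == "__main__":
    pf = PortForwardTable()
    pf.add("tcp", 25, MAIL_SERVER)
    print(evaluate(Packet("opt1", "tcp", "192.168.2.25", "198.51.100.7", 25)))      # pass
    print(evaluate(Packet("opt1", "tcp", "192.168.2.25", "192.168.1.50", 445)))     # block
    print(evaluate(Packet("wan", "tcp", "198.51.100.7", "203.0.113.10", 25), pf=pf))  # pass, 192.168.2.25
```

Running the module walks the cases from the thread: the DMZ mail server can send mail but cannot touch the LAN, an inbound connection on port 25 is redirected to the DMZ host, and trying to forward the same external port to a second host raises an error instead of silently overriding the first entry.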

