Frustrated: DMZ has no access to Internet

  • I have just installed pfSense on a Soekris net4801 in place of m0n0wall.

    I have a cable connection that is 15Mb/2Mb with 13 static IP addresses so I can set up some servers in a DMZ.

    I set up everything in what I thought was a pretty simple and straightforward manner. But for some reason, and this is where the frustration comes in, my DMZ cannot access the Internet and nothing from the Internet can get to the DMZ.

    I took several screenshots of my configuration to make things easier for anyone willing to help (which would be greatly appreciated!)

    Oddly enough, the firewall log shows that traffic from the DMZ out to websites on the internet is being allowed, but it's never coming back…

    Here's a link to my screenshots:

  • Do you have proxy ARP configured for those public IPs? Everything looks like it's configured fine, so it's most likely an ARP issue of some sort. If you're replacing an existing firewall, ARP cache on your upstream router will also be an issue; you'll need to power cycle it or clear the ARP cache.

  • I will power cycle my cable modem/router.

    How do I configure Proxy ARP?  (I think I remember it being a check box in m0n0wall when setting up the NAT.)

  • Setting up Virtual IP addresses for my public IPs seems to be the answer!

    Thanks for the help.
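
The ARP symptom discussed in this thread (outbound traffic is passed, replies never return) can be confirmed from a WAN-side capture. The following is an added example, not part of the original posts: it assumes text output from `tcpdump -n arp` on the WAN interface, and the addresses, MACs and the function name `audit_arp` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -i <wan> arp` output (documentation IPs/MACs).
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Request who-has 203.0.113.10 tell 203.0.113.1, length 46
12:00:01.000210 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:01, length 28
12:00:02.000000 ARP, Request who-has 203.0.113.11 tell 203.0.113.1, length 46
12:00:03.000000 ARP, Request who-has 203.0.113.11 tell 203.0.113.1, length 46
12:00:04.000000 ARP, Request who-has 203.0.113.11 tell 203.0.113.1, length 46
12:00:05.000000 ARP, Request who-has 203.0.113.12 tell 203.0.113.1, length 46
12:00:05.000180 ARP, Reply 203.0.113.12 is-at 00:00:5e:00:53:01, length 28
12:00:05.000350 ARP, Reply 203.0.113.12 is-at 00:00:5e:00:53:99, length 28
"""

REQ = re.compile(r"ARP, Request who-has (\d+(?:\.\d+){3})")
REP = re.compile(r"ARP, Reply (\d+(?:\.\d+){3}) is-at ([0-9a-fA-F:]{17})")

def audit_arp(capture, public_ips, firewall_mac):
    """Classify each public IP by how ARP for it was answered on the WAN."""
    requests = defaultdict(int)   # ip -> number of who-has requests seen
    answers = defaultdict(set)    # ip -> set of MACs that replied
    for line in capture.splitlines():
        if m := REQ.search(line):
            requests[m.group(1)] += 1
        elif m := REP.search(line):
            answers[m.group(1)].add(m.group(2).lower())
    report = {}
    for ip in public_ips:
        macs = answers[ip]
        if not macs and not requests[ip]:
            # Router never asked: no traffic, or it still holds a cached entry.
            report[ip] = "not-seen"
        elif not macs:
            # Router asks, nobody answers: no virtual IP / proxy ARP for this IP.
            report[ip] = "unanswered"
        elif macs == {firewall_mac.lower()}:
            report[ip] = "ok"
        else:
            # A MAC other than the firewall's WAN MAC claims the address.
            report[ip] = "conflict"
    return report

if __name__ == "__main__":
    ips = ["203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13"]
    for ip, state in audit_arp(SAMPLE_CAPTURE, ips, "00:00:5e:00:53:01").items():
        print(ip, state)
```

An address reported as `unanswered` is the case the thread resolves by adding a virtual IP; `not-seen` on an address that should be receiving traffic is consistent with the upstream router still using a cached ARP entry.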

