PFsense - 2.0.1 - DMZ - Typical Setup



  • Hello

    PFsense version 2.0.1 on a PCEngines ALIX board

    Current setup is 1 X WAN to 1 X LAN

    I am now looking to create a DMZ network from the spare NIC. This will eventually have a local webserver, accessible from the internet, i.e.

                        1 X LAN
    1 X WAN.... to
                        1 X DMZ (forwarding Port 80 only)

    Steps used

    a) Create a 3rd interface and assign it its own dedicated IP / subnet, which is different to the existing LAN, i.e. 192.168.100.1/24

    b) Create a bridge to bridge the WAN and DMZ networks

    c) Create a rule for the DMZ to forward WAN port 80 to the dedicated webserver, 192.168.100.2/24

    d) Create a rule for the DMZ to forward any port to WAN

    While the above seems to be the most logical setup, it fails to work in either direction.

    Does anyone have any suggestions, or even a proven setup I could follow?

    Thank you



  • I have port forwarding on my WAN interface. I followed your steps A and C (B and D are unnecessary).

    Port forwarding is discussed on page 130 and following in the book "pfSense The Definitive Guide …"

    You haven't provided any information suggesting you should bridge WAN and DMZ. I don't know the details of the ordering of input processing but it is possible the bridge code will decide packets arriving on the WAN interface are for pfSense itself before the port forwarding can take effect.

    Note that it is sometimes necessary to reset firewall states after significant changes to the firewall rules - see Diagnostics -> States, click on Reset States tab.

    On removing the bridging it might be necessary to reboot for that configuration change to fully take effect.
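
A check for the layout the reply describes (steps a and c kept, no WAN-to-DMZ bridge), run against a configuration backup. This is an added example, not part of either post and not pfSense code. It assumes the pfSense 2.x `config.xml` element names shown, that the DMZ is `opt1`, and a constructed sample with made-up NIC names and LAN subnet.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): a trimmed config.xml with steps
# a) to c) applied. Element names and the vr0-vr2 NIC names are assumptions
# based on the pfSense 2.x backup layout; compare with a real backup first.
SAMPLE = """<pfsense>
 <interfaces>
  <wan><if>vr1</if><ipaddr>dhcp</ipaddr></wan>
  <lan><if>vr0</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  <opt1><if>vr2</if><ipaddr>192.168.100.1</ipaddr><subnet>24</subnet></opt1>
 </interfaces>
 <bridges><bridged><members>wan,opt1</members><bridgeif>bridge0</bridgeif></bridged></bridges>
 <nat><rule><interface>wan</interface><protocol>tcp</protocol>
  <destination><network>wanip</network><port>80</port></destination>
  <target>192.168.100.2</target><local-port>80</local-port></rule></nat>
</pfsense>"""

def subnet_of(root, name):
    """Static subnet of an interface, or None (DHCP, missing, unparsable)."""
    node = root.find("./interfaces/" + name)
    try:
        return ipaddress.ip_network(
            node.findtext("ipaddr") + "/" + node.findtext("subnet"), strict=False)
    except (AttributeError, TypeError, ValueError):
        return None

def audit(xml_text, dmz="opt1"):
    """Return findings for the routed (unbridged) DMZ layout in the thread."""
    root, findings = ET.fromstring(xml_text), []
    for br in root.findall("./bridges/bridged"):          # step b)
        members = {m.strip() for m in br.findtext("members", "").split(",")}
        if {"wan", dmz} <= members:
            findings.append("bridge joins wan and %s" % dmz)
    dmz_net, lan_net = subnet_of(root, dmz), subnet_of(root, "lan")
    if dmz_net is None:                                   # step a)
        findings.append("%s has no static subnet" % dmz)
    elif lan_net is not None and dmz_net.overlaps(lan_net):
        findings.append("%s subnet overlaps lan" % dmz)
    forwarded = False                                     # step c)
    for rule in root.findall("./nat/rule"):
        try:
            target = ipaddress.ip_address(rule.findtext("target", ""))
        except ValueError:
            continue                                      # alias, not an IP
        if rule.findtext("interface") == "wan" and dmz_net is not None and target in dmz_net:
            forwarded = forwarded or rule.findtext("local-port") == "80"
    if not forwarded:
        findings.append("no wan port forward to port 80 in the %s subnet" % dmz)
    return findings
```

Calling `audit(SAMPLE)` reports only the bridge; an empty list means the backup matches steps a and c with no WAN-to-DMZ bridge.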

