Netgate Discussion Forum
    Please check my setup plus couple questions

      far_ken_beauty

      @tedced:

      Because I have my web server on the DMZ, do I need an allow rule on the WAN as well as the DMZ, as I have done?
      No, you do not need the rule on the DMZ for outsiders to use your site.
      What is the best way to set up access to the server on the DMZ from the LAN interface?
      It depends on how you want to access it; set up rules for HTTP, SMTP, RDP, POP etc…
      How can I access my website from my LAN via its domain name, like www.domain.com, when it is hosted on the DMZ?
      Do you have an internal DNS server? The easiest way would be to have an internal DNS server point to the 192.168.1.10 address of your server.
      I would like my server on the DMZ to be able to access the internet for updates etc. Is the rule correct? Works, but is it too open?
      "Works but is it too open": that's bang on. Just allow through what you need to.

      Thank you, I have removed the extra rule on the DMZ.

      I will try a few rules for access to the server. I need to access a share as well as VNC.

      I don't have an internal DNS but could set one up on the server.

      As for having access for the server on the DMZ, I will try a few rules. Any suggestions? Source IP of machine on port 80 to port 80 for web access?

      Many thanks.

        far_ken_beauty

        @tedced:

        I'd restrict traffic from DMZ >> LAN

        create any allow rules you want for DMZ >> LAN
        then create a reject rule that catches everything else DMZ >> LAN

        place them before your DMZ >> ANY rule

        Will try thanks.

          far_ken_beauty

          @tedced:

          I'd restrict traffic from DMZ >> LAN

          create any allow rules you want for DMZ >> LAN
          then create a reject rule that catches everything else DMZ >> LAN

          place them before your DMZ >> ANY rule

          I am having a few issues sorting out rules so that the DMZ can only access the internet and not the LAN.
          I want the LAN to access the DMZ, though.
          Any pointers?

            Perry

            might help you out http://doc.m0n0.ch/handbook/examples.html

            /Perry
            doc.pfsense.org

              jahonix

              @far_ken_beauty:

              I am having a few issues sorting out rules so that DMZ can only access internet and not LAN.

              This is rather easy: on the DMZ create a rule that drops (or rejects) all packets with destination LAN.

              @far_ken_beauty:

              I want the LAN to access the DMZ although.

              ;-)
              So you don't want to disable DMZ -> LAN completely as stated above!
              Usually we have two-way communication. LAN sends a request to DMZ and DMZ answers to LAN. The latter conflicts with 'DMZ can only access the internet' …

              Create dedicated rules for the services you want to have access to.
              Following Perry's link is a good start.

              Chris
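
The rule ordering discussed in this thread, as an added example that is not part of any post and is not pfSense's own code: a small model of per-interface, first-match filtering. It assumes new connections are checked top-down against the rules of the interface they arrive on and that packets of an already allowed connection are matched by state, as in pf's default stateful filtering. The subnets, ports and every address other than 192.168.1.10 are constructed.

```python
import ipaddress

# Constructed addressing: only 192.168.1.10 (the DMZ server) appears in the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")   # assumed LAN subnet
DMZ = ipaddress.ip_network("192.168.1.0/24")   # assumed DMZ subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule = (action, source net, destination net, destination port or None for any).
RULES = {
    "LAN": [("pass", LAN, DMZ, 80),      # web
            ("pass", LAN, DMZ, 445),     # file share
            ("pass", LAN, DMZ, 5900),    # VNC
            ("reject", LAN, DMZ, None),  # nothing else LAN >> DMZ
            ("pass", LAN, ANY, None)],
    "DMZ": [("reject", DMZ, LAN, None),  # catch-all DMZ >> LAN, placed first
            ("pass", DMZ, ANY, None)],   # DMZ >> ANY (internet, updates)
}

def matches(rule, src, dst, dport):
    _, snet, dnet, port = rule
    return (ipaddress.ip_address(src) in snet
            and ipaddress.ip_address(dst) in dnet
            and port in (None, dport))

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def packet(self, iface, src, sport, dst, dport):
        # Packets of a known connection (either direction) skip the rule list.
        if {(src, sport, dst, dport), (dst, dport, src, sport)} & self.states:
            return "pass (state)"
        for rule in self.rules[iface]:
            if matches(rule, src, dst, dport):       # first match wins
                if rule[0] == "pass":
                    self.states.add((src, sport, dst, dport))
                return rule[0]
        return "block"                               # default deny

def demo():
    fw = Firewall(RULES)
    return [fw.packet("LAN", "192.168.0.20", 50000, "192.168.1.10", 5900),  # LAN opens VNC
            fw.packet("DMZ", "192.168.1.10", 5900, "192.168.0.20", 50000),  # server's reply
            fw.packet("DMZ", "192.168.1.10", 40000, "192.168.0.20", 445),   # DMZ-initiated
            fw.packet("DMZ", "192.168.1.10", 40001, "203.0.113.5", 80)]     # DMZ to internet

def misordered():
    # Same DMZ rules with DMZ >> ANY first: the reject is never reached.
    fw = Firewall({"DMZ": list(reversed(RULES["DMZ"]))})
    return fw.packet("DMZ", "192.168.1.10", 40000, "192.168.0.20", 445)
```
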

                far_ken_beauty

                Thanks guys, I will check out Perry's link. Thanks Perry.
                Yeah, I just want to secure the DMZ from the LAN, but still need some access. I will investigate opening up certain services that I need.
                Cheers.

                  far_ken_beauty

                  @Perry:

                  might help you out http://doc.m0n0.ch/handbook/examples.html

                  Helped a treat!

                    far_ken_beauty

                    OK, getting there…
                    I can access this from the LAN but not the DMZ, even when I give the DMZ access to all.
                    ftp://ftp.bom.gov.au/anon/gen/fwo/IDV17101.txt A port issue? Works on LAN though. :-\

                      jahonix

                      search the forum for 'FTP-Helper'

                      Chris

                        far_ken_beauty

                        @jahonix:

                        search the forum for 'FTP-Helper'

                        Chris

                        You, my friend, are a champ! Disable the FTP helper and away it goes ;D
                        Thanks mate. ;)
