HELP with Rules or Nat Please



  • Hello, I really could use some help here before I pull the rest of my hair out.

    Scenario:

    Wan DHCP - 10.2.2.157/24 - Cisco Router

    Lan 10.0.0.1/24 - Management

    Student Vlan 5 - 10.3.3.1/24 - Unifi Wireless AP

    Faculty - Vlan 6 - 10.1.2.1/24 - Unifi Wireless AP

    DMZ - 192.168.2.1 - Static

    I have some servers that need to be connected via DMZ in my existing LAN 10.1.1.0/24 that need to be seen on the Faculty LAN 10.1.2.0/24 but not seen by the Student LAN 10.3.3.1/24, illustrated here.
    I have tried everything: rules, nat 1.1, port forward... nothing works. What am I doing wrong?

    In a nutshell, I want Faculty vlan to see server 10.1.1.1 connected to the dmz interface.

    Thanks in advance for your help!!!!!

    Can someone help, please? I really need to get this working ASAP.



  • Don't post the same thing to multiple forums. Put it in general questions if you aren't sure where to put it. This is a firewalling question so I left this instance.

    You just need to configure your firewall rules accordingly.
    http://doc.pfsense.org/index.php/Firewall_Rule_Basics


  • Rebel Alliance Global Moderator

    So first off I would ask for more information. For starters, this doesn't make any sense:

    DMZ - 192.168.2.1 - Static
    In a netshell i want Faculty vlan to see server 10.1.1.1 connected to the dmz interface.

    So which is it - is the faculty vlan 192.168.2.0/? Or is it on a 10.1.1.0/?

    Also curious if you're going to want access from the wan to anything behind pfsense - since your wan is private, are you double natting? Or have you disabled nat on pfsense and are just using it as a router/firewall?

    But if all you're talking about is lan side segments to talk or not to talk to other lan segments, it's simple firewall rules on those interfaces. If you are using nat then port forwarding would come into play and wan firewall rules; if no nat then just firewall rules on wan and lan interfaces to allow the traffic you want.

