NAT for DMZ not working



  • Hi,

    Recently my hardware firewall failed; until the replacement comes I need to get pfSense working, but I am failing. I have three physical connections as follows:
    • LAN
    • DMZ (Opt1)
    • WAN
    I am trying to get an Internet connection between the DMZ and WAN using NAT, but cannot get any DMZ server to receive the Internet. To start with I have fully opened the rules to allow all traffic (once I have the Internet working I will apply the original rules). I can access the DMZ from the LAN with no problem.
    I have provided a NAT: Outbound rule as follows:
    • Interface: WAN
    • Source & source port: *
    • Destination & dest port: *
    • NAT address: *
    Note that pfSense can access the Internet fine and performs DNS lookups and pings to Google. From the DMZ, a traceroute to a Google IP also fails.

    Any suggestions?



  • Did you try the Automatic outbound NAT rule generation?



  • If you are set to manual outbound NAT, you will need to add the DMZ network to the list. I don't think an any is going to work here. There should be a rule for LAN and one for DMZ, setting the source as something like DMZnet or LANnet or 10.0.0.0/24 and such.



  • Have tried the automatic NAT, but no luck.



  • Thanks podilarius for your comments, but I have tried your suggestions with no luck.



  • Did you set up an allow rule in the OPT1 firewall settings? By default no rule is added, and this will block all connections.
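
The two checks suggested in this thread (an outbound NAT rule on WAN that covers the DMZ network, and a pass rule on the OPT1 interface) can be verified against the loaded ruleset rather than the GUI. The script below is an added example, not part of the original thread or of pfSense; the interface names, subnets and sample rule lines are constructed assumptions written in the style of `pfctl -sn` and `pfctl -sr` output.

```python
import ipaddress
import re

# Constructed sample text in the style of `pfctl -sn` (NAT) and `pfctl -sr` (filter).
# Assumed layout: em0 = WAN, em1 = LAN 192.168.1.0/24, em2 = DMZ/OPT1 10.0.1.0/24.
SAMPLE_NAT = """\
nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535 round-robin
"""
SAMPLE_RULES = """\
block drop in log inet all label "Default deny rule IPv4"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state
"""

NAT_RE = re.compile(r"^nat on (\S+) (?:inet6? )?(?:from (\S+) to \S+|all)")
PASS_RE = re.compile(
    r"^pass in (?:log )?(?:quick )?on (\S+) (?:inet6? )?(?:proto \S+ )?"
    r"(?:from (\S+) to (\S+)|all)"
)

def _covers(src, subnet):
    """True if rule source `src` (None means 'all') includes the whole subnet."""
    if src in (None, "any"):
        return True
    try:
        return subnet.subnet_of(ipaddress.ip_network(src, strict=False))
    except (ValueError, TypeError):
        return False  # alias, table or other address family: not evaluated here

def check_dmz(nat_text, rules_text, wan_if, dmz_if, dmz_net):
    """Report whether DMZ traffic is both translated on WAN and passed on the DMZ interface."""
    net = ipaddress.ip_network(dmz_net)
    nat_ok = any(
        m is not None and m.group(1) == wan_if and _covers(m.group(2), net)
        for m in map(NAT_RE.match, nat_text.splitlines())
    )
    # Only rules with destination 'any' count as allowing Internet access.
    pass_ok = any(
        m is not None and m.group(1) == dmz_if and _covers(m.group(2), net)
        and m.group(3) in (None, "any")
        for m in map(PASS_RE.match, rules_text.splitlines())
    )
    return {"outbound_nat": nat_ok, "dmz_pass_rule": pass_ok}

if __name__ == "__main__":
    # With the sample ruleset both checks fail for the DMZ: no NAT entry, no pass rule.
    print(check_dmz(SAMPLE_NAT, SAMPLE_RULES, "em0", "em2", "10.0.1.0/24"))
```

If either value is false for the DMZ network, the matching suggestion from the replies above is the one still outstanding.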

