    Setting up OPT1 as a DMZ Subnet

      davinci212

      This is my first post, and I'd like to apologize in advance if this question has already been posed. I spent about 20 minutes searching the forums and was unable to find a question. I also tried finding documentation without luck.

      I set up pfSense with three NICs: LAN, WAN, and OPT1. I'd like to have the OPT1 NIC separate from my internal LAN, but using the same ISP, for web and FTP servers. I have the LAN and WAN set up correctly, but I am a little clueless as to how to set up the routing/firewall rules. Can one of you experts give me step-by-step directions, or point me to where I can find the answer?

      Thanks!

        Perry

        http://doc.m0n0.ch/handbook/examples.html

        /Perry
        doc.pfsense.org

          davinci212

          @Perry:

          http://doc.m0n0.ch/handbook/examples.html

          Thanks Perry! That's exactly what I was looking for!!

            MuDvAyNe

            Thanks for this post and the reply!! I have been meaning to tackle this for a long time but never got around to doing it until today. I was following the above guide and had everything set up identically to the steps listed, but I was unable to access the Internet from a DMZ machine. I triple-checked my rules but everything looked fine and I couldn't figure out why it wasn't working. I was about to post for some help, but after one last check of my settings, I noticed the NAT Outbound tab. I remember back when I had first set up my pfSense (two years ago) that in order to get Hamachi and the KAD Network to connect properly, I had to manually specify outbound NAT rules. In doing this, a NOTE under the tab states:

            If advanced outbound NAT is enabled, no outbound NAT rules will be automatically generated any longer

            In checking these rules, I saw that there was a rule which was allowing my LAN connection to access the Internet and thus manually created one for my DMZ based off the same rule. This fixed my problem!! So for anyone else out there that is using the Advanced Outbound NAT Rules and trying to set up a DMZ, remember to manually create an OUTBOUND rule for your DMZ to access the Internet in ADDITION to the steps outlined in the Monowall guide.

            Thanks again


            pfSense v 1.2-Release
            PII 350 256MB RAM
            HD Installed
            Cable Internet Connection
            LAN/WAN/DMZ
            Outbound Rules
            Inbound NAT
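
The failure described in the last post (manual outbound NAT with a rule for LAN but none for the new DMZ subnet) can be checked for mechanically. The following is an added example, not part of the original thread and not pfSense code; the subnets, the rule layout and the function name `uncovered_subnets` are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data. This layout is an assumption made for the example;
# it is not pfSense's configuration format.
INTERFACES = {"LAN": "192.168.1.0/24", "DMZ": "192.168.2.0/24"}
OUTBOUND_NAT_RULES = [
    {"interface": "WAN", "source": "192.168.1.0/24"},  # LAN only, as in the post
]


def uncovered_subnets(interfaces, rules, wan="WAN", manual_mode=True):
    """Return internal interface names with no outbound NAT rule on `wan`.

    In automatic mode the firewall generates the rules itself, so nothing
    is reported. In manual mode every internal subnet needs a rule whose
    source network contains it.
    """
    if not manual_mode:
        return []
    sources = []
    for rule in rules:
        if rule["interface"] != wan:
            continue  # a rule on another interface does not NAT traffic leaving `wan`
        src = "0.0.0.0/0" if rule["source"] == "any" else rule["source"]
        sources.append(ipaddress.ip_network(src))
    missing = []
    for name, cidr in interfaces.items():
        net = ipaddress.ip_network(cidr)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        covered = any(net.version == s.version and net.subnet_of(s) for s in sources)
        if not covered:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    for name in uncovered_subnets(INTERFACES, OUTBOUND_NAT_RULES):
        print(f"{name} ({INTERFACES[name]}): no outbound NAT rule on WAN")
```
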
