Need help setting up rules for WAN-DMZ bridge



  • I can't figure out the rules for DMZ-WAN bridge with my esxi setup.

    • vmnic0
    • Connected:
      – pfSense VM
    • vmnic1 (<- for physical computers)
    • VMware Management Network
    • Connected:
      – pfSense VM
      – Server1 VM
    • Connected:
      – pfSense VM
      – Server1 VM
      – Server2 VM

    I have set "Promiscuous Mode" to accept for vmSwitch2. However, Server1 VM and Server2 VM can't connect to the internet via public IP through the DMZ interface. Server1 VM can connect to the internet if the gateway is set for LAN.



  • I have the same problem. I have followed all the tutorials on the web, but I am missing something; the configuration is not working. Is there some guideline on how to do it? The DMZ is not able to connect to the internet.


  • Rebel Alliance Global Moderator

    So are you trying to bridge your WAN and DMZ interfaces? Or do you just really want a firewalled segment?

    In a bridge your DMZ devices would get an IP from your WAN network. If just a firewall segment, then the pfSense interface in the DMZ network would be the gateway, etc.

    So for example on pfsense

    wan int = public ip
    lan int = 192.168.1.1/24 for example
    dmz int = 192.168.2.1/24 for example

    A device in the LAN segment, be it physical or VM, would have a 192.168.1.0/24 address and point to the LAN int IP of pfSense.

    A device in the DMZ segment would have an IP in 192.168.2.0/24 and point to the DMZ pfSense int IP for its gateway.

    Now when you bring up other interfaces in pfSense (opt1, 2, 3, etc.) the firewall would not allow any traffic outbound on that interface by default, unlike the LAN interface does when you install pfSense. So you would have to create your firewall rules to allow the traffic out of that segment that you want.

    If you are following some guide, links to the guides you're following would be very helpful in figuring out what you're doing wrong, etc.
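For readers who want to see what the moderator's three-interface layout looks like as an explicit ruleset, the following is an added example written for this page, not something posted in the thread and not the rules pfSense itself generates (pfSense builds its pf ruleset from the GUI; this is the hand-written pf equivalent, using the 192.168.1.0/24 LAN and 192.168.2.0/24 DMZ addresses from the post). The interface names vmx0/vmx1/vmx2 are an assumption (VMXNET3 adapters appear as vmx in FreeBSD); adjust them to your own. It shows the two things an OPT/DMZ interface lacks out of the box: an explicit pass rule for outbound traffic, and, since the whole point of a DMZ is a firewalled segment, a block stopping DMZ hosts from reaching the LAN or the firewall's own services other than DNS.

```pf
# Added example: pf ruleset for WAN / LAN / DMZ as described above.
# Interface names are assumed; replace with the ones in your install.
wan_if = "vmx0"
lan_if = "vmx1"
dmz_if = "vmx2"

lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
dmz_gw  = "192.168.2.1"          # pfSense DMZ interface IP = DMZ default gateway

set skip on lo0

# Outbound NAT: both private segments share the WAN public IP.
# (pfSense's automatic outbound NAT does this for every attached subnet.)
nat on $wan_if inet from { $lan_net, $dmz_net } to any -> ($wan_if)

# Default deny and log; this is the state an OPT interface starts in.
block log all

# Drop packets whose source does not belong on the interface they arrive on.
antispoof quick for { $lan_if, $dmz_if }

# LAN: allow everything out, mirroring the rule pfSense creates at install time.
pass in quick on $lan_if inet from $lan_net to any keep state

# DMZ, rule 1: hosts may resolve names against the resolver on the DMZ interface.
pass in quick on $dmz_if inet proto { tcp, udp } from $dmz_net to $dmz_gw port 53 keep state

# DMZ, rule 2: nothing else from the DMZ may reach the firewall itself or the LAN.
# Without this, a compromised DMZ server could pivot into the LAN.
block in log quick on $dmz_if inet from $dmz_net to { $dmz_gw, $lan_net }

# DMZ, rule 3: whatever remains (internet-bound) is allowed out.
# This is the rule that is missing on a fresh OPT interface.
pass in quick on $dmz_if inet from $dmz_net to any keep state

# Let the firewall's own traffic and forwarded traffic leave on any interface.
pass out quick keep state
```

Rule order matters: pf's `quick` makes the first matching rule final, so the DMZ block must sit above the DMZ pass-everything rule or the block never fires. In the pfSense GUI the same three DMZ rules are entered top to bottom on the OPT interface's Rules tab, where evaluation is likewise first match wins. A DMZ host that can reach the internet with its gateway set to the LAN interface, but not with the DMZ gateway, is the symptom of that third pass rule being absent.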