Need help setting up rules for WAN-DMZ bridge
-
I can't figure out the rules for a DMZ-WAN bridge with my ESXi setup.
- vmnic0
- Connected:
-- pfSense VM
- vmnic1 (<- for physical computers)
- vmWare Management Network
- Connected:
-- pfSense VM
-- Server1 VM
- Connected:
-- pfSense VM
-- Server1 VM
-- Server2 VM
I have set "Promiscuous Mode" to accept for vmSwitch2. However, Server1 VM and Server2 VM can't connect to the internet via public IP through the DMZ interface. Server1 VM can connect to the internet if the gateway is set for LAN.
-
I have the same problem. I have followed all the tutorials on the web, but I am missing something; the configuration is not working. Is there some guideline on how to do it? The DMZ is not able to connect to the internet.
-
So are you trying to bridge your wan and dmz interfaces? Or do you just really want a firewalled segment?
In a bridge your dmz devices would get an IP from your WAN network. If just a firewalled segment, then the pfsense interface in the dmz network would be the gateway, etc.
So for example on pfsense
wan int = public ip
lan int = 192.168.1.1/24 for example
dmz int = 192.168.2.1/24 for example
device in lan segment be they phy or vm would have a 192.168.1.0/24 address and point to lan int IP of pfsense
device in dmz segment would have ip 192.168.2.0/24 and point to dmz pfsense int IP for gateway.
Now when you bring up other interfaces in pfsense (opt1, 2, 3, etc.) the firewall would not allow any traffic outbound on that interface by default like the lan interface does when you install pfsense. So you would have to create your firewall rules to allow the traffic out of that segment that you want.
If you are following some guide - links to the guides you're following would be very helpful in figuring out what you're doing wrong, etc.
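
Added example, not part of the thread: a small Python model of the firewalled-segment layout described in the last reply, checking a DMZ host's address and gateway and then evaluating DMZ-interface rules top-down with first match winning and default deny. The rule set, the host address 192.168.2.10 and the destination 203.0.113.5 are assumptions constructed for illustration; this is not pfSense's own code or configuration format.

```python
import ipaddress as ipa

# Addressing plan from the reply above (example ranges).
LAN_NET = ipa.ip_network("192.168.1.0/24")
DMZ_NET = ipa.ip_network("192.168.2.0/24")
DMZ_GW = ipa.ip_address("192.168.2.1")   # pfSense DMZ interface
ANY = ipa.ip_network("0.0.0.0/0")

# Hypothetical rules for the DMZ interface: (action, source, destination).
# Order matters: the block must sit above the broad pass.
DMZ_RULES = [
    ("block", DMZ_NET, LAN_NET),  # keep DMZ hosts out of the LAN
    ("pass", DMZ_NET, ANY),       # let DMZ hosts reach the internet
]

def check_host(ip, gateway, segment=DMZ_NET, segment_gw=DMZ_GW):
    """Return a list of addressing problems for a host in a firewalled segment."""
    problems = []
    ip, gateway = ipa.ip_address(ip), ipa.ip_address(gateway)
    if ip not in segment:
        problems.append(f"{ip} is outside {segment}")
    if gateway != segment_gw:
        problems.append(f"gateway {gateway} should be {segment_gw}")
    return problems

def evaluate(rules, src, dst):
    """First matching rule decides; no match means blocked (default deny)."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"

if __name__ == "__main__":
    server2 = "192.168.2.10"  # constructed DMZ host
    print(check_host(server2, "192.168.1.1"))            # gateway left on the LAN side
    print(evaluate([], server2, "203.0.113.5"))          # new interface, no rules yet
    print(evaluate(DMZ_RULES, server2, "203.0.113.5"))   # internet-bound traffic
    print(evaluate(DMZ_RULES, server2, "192.168.1.20"))  # DMZ to LAN
```
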