Netgate Discussion Forum

    Need help setting up rules for WAN-DMZ bridge

      P1X3

      I can't figure out the rules for a DMZ-WAN bridge with my ESXi setup.

      • vmnic0
      • Connected:
        – pfSense VM
      • vmnic1 (<- for physical computers)
      • VMware Management Network
      • Connected:
        – pfSense VM
        – Server1 VM
      • Connected:
        – pfSense VM
        – Server1 VM
        – Server2 VM

      I have set "Promiscuous Mode" to accept for vmSwitch2. However, Server1 VM and Server2 VM can't connect to the internet via public IP through the DMZ interface. Server1 VM can connect to the internet if the gateway is set for LAN.

        hypemedia

        I have the same problem. I have followed all the tutorials on the web, but I am missing something; the configuration is not working. Is there some guideline on how to do it? The DMZ is not able to connect to the internet.

          johnpoz LAYER 8 Global Moderator

          So are you trying to bridge your wan and dmz interfaces?  Or do you just really want a firewalled segment?

          In a bridge, your dmz devices would get an IP from your WAN network. If just a firewall segment, then the pfsense interface in the dmz network would be the gateway, etc.

          So for example on pfsense

          wan int = public ip
          lan int = 192.168.1.1/24 for example
          dmz int = 192.168.2.1/24 for example

          Devices in the lan segment, be they phy or vm, would have a 192.168.1.0/24 address and point to the lan int IP of pfsense.

          Devices in the dmz segment would have an ip in 192.168.2.0/24 and point to the dmz pfsense int IP for gateway.

          Now when you bring up other interfaces in pfsense (opt1, 2, 3, etc.) the firewall would not allow any traffic outbound on that interface by default like the lan interface does when you install pfsense. So you would have to create your firewall rules to allow the traffic out of that segment that you want.

          If you are following some guide, links to the guides you're following would be very helpful in figuring out what you're doing wrong, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
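
The firewalled-segment layout from the reply above, written out as a pf ruleset sketch (pfSense builds its filter on pf; in practice these would be entered as rules on the DMZ interface tab in the GUI). This is an added example, not part of johnpoz's post: the interface names em1/em2 are assumptions, and the subnets are the example ones from the reply.

```pf
# Added example: interface names are assumptions, subnets are the
# example addresses from the reply.
lan_if  = "em1"              # assumed NIC for LAN, 192.168.1.1/24
dmz_if  = "em2"              # assumed NIC for DMZ (OPT1), 192.168.2.1/24
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
dmz_gw  = "192.168.2.1"      # pfSense address on the DMZ segment

# Default deny: traffic that matches no pass rule below is dropped.
# This is why a freshly added OPT interface passes nothing.
block log all

# LAN: the allow-any rule that exists on LAN after install.
pass in quick on $lan_if inet from $lan_net to any keep state

# DMZ: nothing is allowed until rules are added. Rules are evaluated
# top down and the first "quick" match wins, so order matters.

# 1. DNS to the firewall, only if DMZ hosts use pfSense as resolver.
pass in quick on $dmz_if inet proto { tcp, udp } \
    from $dmz_net to $dmz_gw port 53 keep state

# 2. Keep DMZ hosts away from the firewall itself (GUI, SSH).
block in log quick on $dmz_if inet from $dmz_net to self

# 3. Keep DMZ hosts out of the LAN.
block in log quick on $dmz_if inet from $dmz_net to $lan_net

# 4. Everything else from the DMZ is allowed out.
pass in quick on $dmz_if inet from $dmz_net to any keep state
```

With only rule 4 present the DMZ hosts would reach the internet but also the LAN and the firewall's management services, which is why the two block rules sit above it.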

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.