• I have two WAN interfaces link bounded: WAN: and  WAN2 they are setup as gateway WEB

    I have two extra interfaces Lan: and WDMZ

    I can access the internet from the LAN interface but not WDMZ.

    I have allowed access from the WDMZ to the Web gateway. WDMZ to WAN and WDMZ WAN2 but I still can't access the internet. not sure what I am doing wrong?

    Any help would be great!!!. Thanks

  • It sounds like your WDMZ rules are just allowing access to WANnet, WAN2net. That will only let you get to your WAN devices to configure them! To access the whole internet you need destination any in the rule.

  • just tried it, that didn't work… I've allowed WDMZ through the WAN interface and WAN2 interfaces and still no access ?

  • Looks like you are missing the proper Outbound NAT config. In these cases most times you have to set it up manually. The idea is to create a rule on each WAN interface for each LAN segment you want to allow access


  • reviewing my fw logs, it looks like traffic is getting blocked on the WDMZ interface… but there are no rules preventing traffic on this interface? any ideas

  • Everything is blocked by default on extra interfaces (and on WAN). LAN is the only interface that is given a pass rule in the factory default setup. You need to add pass rules on WDMZ to allow the traffic initiated from WDMZ to be accepted by the firewall.
    If you are confused, then post the rules that you have on each of your interfaces.

  • Hello, Phil,  :)

    I'm having the same problem. You got solution?
    Could you help me please!

    thank you
    Fernando Silveira

  • The cause of the issue originally posted was probably misconfigured firewall rules (he never confirmed though)

    Post the rules you have, describe your situation and we will help you  :)

  • Good Morning George/All of,

    Sorry my english,

    I have installed pfSense 2.1-RELEASE (amd64), recently acquired over a dedicated link. The second WAN2 is working almost perfectly rsrsr. If I have a machine configured for the rule to use the pfSense WAN2 the GATEWAY, I browse the internet, access my network (lan) without problem. MOST can not access the DMZ (

    1. Running ping, Interface DMZ pfsense, it responds.
    2. Any other machine on the DMZ does not respond
    3. I found that running traceroute to a machine in the DMZ, it is routed to the internet.

    Interface DMZ only two rules

    DMZ  net access all
    LAN net access DMZ net

    [2.1-RELEASE][root@router]/root(7): netstat -rn
    Routing tables

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            200.Y.Y.41        UGS        0 55473923  fxp0        link#3            U          0 190866678    em0          link#3            UHS        0        0    lo0        link#4            U          0 151524091    em1          link#4            UHS        0        0    lo0          UGS        0  621765 ovpns1          link#15            UHS        0        0    lo0          link#15            UH          0        0 ovpns1          link#16            UHS        0        0    lo0          link#16            UH          0        0 ovpns2          link#11            UH          0        1    lo0
    177.X.X.X/29      link#2            U          0      61  fxp1
    177.X.X.202        link#2            UHS        0        1    lo0    link#3            U          0  207471    em0      link#3            UHS        0        0    lo0          UGS        0  5096955 ovpns2
    200.Y.Y.Y/29      link#1            U          0        0  fxp0
    200.Y.Y.42        link#1            UHS        0        0    lo0
    200.Y.Y.225        200.Y.Y.41    UGHS        0  341792  fxp0

    If someone can give me an idea, thanks
    Thank you, Georgeman

    Fernando Silveira

  • So you cannot access DMZ from the machine that connects through WAN2?

    It looks like you have specified a gateway for your LAN interface. Make sure the LAN gateway is set to "None".

    Also, you don't need rules on the DMZ for this, and you shouldn't have any! The idea of a DMZ is that its devices cannot access the devices on LAN right? The only rules on DMZ should be the ones that allow its devices to access internet, if necessary.

    Do you speak spanish? If that's the case, post in the spanish forum, I'll help you (I'm from Argentina)

  • Enclosed are my rules, not understanding what I'm doing wrong… I can't put all screen shots ...