PfSense bastion / choke

Reply to PfSense bastion / choke on Fri, 06 Dec 2013 19:47:39 GMT

stephenw10 — Fri, 06 Dec 2013 19:47:39 GMT

How are your subnets arranged? Either of these pfSense installs transparent?

Do you have the correct update URL set in System: Firmware: Updater Settings: ?

Try this: https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference

Steve

Reply to PfSense bastion / choke on Fri, 06 Dec 2013 18:57:16 GMT

pama — Fri, 06 Dec 2013 18:57:16 GMT

It is me again
Need urgent help!!!
DMZ works like a charm but….
DMZ gateway is the bastion firewall
From lan I cannot reach any DMZ host but only if I don't ping before.

Is there a sort of "keepalive" port?

Thanks

Andrea

Reply to PfSense bastion / choke on Thu, 21 Nov 2013 11:32:13 GMT

pama — Thu, 21 Nov 2013 11:32:13 GMT

@pama:

Hi mates,
I am working on a bastion / choke configuration for my dmz:

Internet–-pfsense bastion----DMZ-----pfsense choke-----LAN

The pfsense bastion is able to check for updates, but the choke one not, even if it is able to ping internet hosts (such as 8.8.8.8 ) from dmz interface and lan interface.
I assume it is something about the loopback interface, that it isn't able to ping anything.
Routes are correct, the default gateway for the dmz is the choke firewall. DMZ hosts can browse internet and/or ping internet hosts.

Thanks anyone

Andrea

Now I am able to trace route from dmz, lan and loopback interface, and dns reply to all but I am always not able to check for updates and/or install packages….