New install - DMZ not seeing out
Hi, I am new to pfSense and just did my first install - all seems fine, as I can see the outside from my LAN and cannot see anything to the inside!
But from my DMZ I can ping the default gateway (OPT1 IP on the wall) and I can ping the WAN IP on the wall, but nothing on the other side of that!? Any ideas, please?
I have a rule set up the same as for my LAN, any to any!
Then, once I have this set up, what would be the best way to set up my web servers in the DMZ?
You need to create an advanced outbound NAT entry for your DMZ if you want to NAT it out.
If you have multiple IPs on WAN, create a VIP for each.
Forward the ports you need to your servers and, if necessary, have the VIP as "source".
Also, since you created a DMZ, I assume you want to restrict access from it to the LAN.
Create a rule that allows access to the internet and a rule that denies access from the DMZ to your LAN.
See my sig on how.
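Added example, not part of the original thread: a small first-match evaluator showing why the order of the two DMZ rules suggested above matters, given that pfSense evaluates the rules on an interface tab top to bottom and the first match wins. The subnets, probe addresses and rule-set names are constructed for illustration; the thread does not give the real addressing.

```python
import ipaddress

# Constructed addressing (assumption): the thread does not state the subnets.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src/dst.

    Rules are (action, source_net, destination_net) in top-to-bottom order.
    No match falls through to the implicit default deny.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"


def audit(rules, probes):
    """Map each named (src, dst) probe to the action the rule set gives it."""
    return {name: evaluate(rules, s, d) for name, (s, d) in probes.items()}


# Constructed probes: one DMZ host talking to the internet and to a LAN host.
PROBES = {
    "dmz_to_internet": ("192.168.2.10", "203.0.113.5"),
    "dmz_to_lan": ("192.168.2.10", "192.168.1.20"),
}

# Candidate rule sets for the DMZ (OPT1) interface, listed top to bottom.
ANY_TO_ANY = [("pass", ANY, ANY)]                           # same as the LAN rule
WRONG_ORDER = [("pass", DMZ, ANY), ("block", DMZ, LAN)]     # block never reached
RIGHT_ORDER = [("block", DMZ, LAN), ("pass", DMZ, ANY)]     # block evaluated first

if __name__ == "__main__":
    for label, rules in [("any to any", ANY_TO_ANY),
                         ("pass then block", WRONG_ORDER),
                         ("block then pass", RIGHT_ORDER)]:
        print(f"{label:16} {audit(rules, PROBES)}")
```

Only the "block then pass" ordering keeps the DMZ out of the LAN while still letting it reach the internet; the block rule placed below the pass rule is shadowed and never matches.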
Thanks, that seemed to do the trick.
I added outbound NAT rules
Created VIPs for the servers in the DMZ
Added forwarding rules for the ports
One server works 100%; the other I am having some issues with, but I am sure it should be sorted!
You might want to enable NAT reflection:
Advanced –> deactivate "disable NAT reflection".
Thanks Gruens Froeschli, you have been a great help - that did the trick for the two web pages that kept on timing out all the time!!
Thanks, all seems fine now!
How can I get the firewall log reflecting all traffic it scans?
Do you mean you want traffic which is allowed logged?
Just enable the flag "Log" in the config of the rule.
You might want to have a syslog server running to which the logs are sent, since the local space (RAM) can be used up pretty fast.