New install - DMZ not seeing out



  • Hi, I am new to pfSense and just did my first install - all seems fine as I can see the outside from my LAN and cannot see anything to the inside!

    But from my DMZ I can ping the default gateway (OPT1 IP on the wall) and I can ping the WAN IP on the wall but nothing on the other side of that..!?!?!? Any ideas please!!

    Have a rule set up the same as for my LAN, any to any!

    Then once I have this set up, what would be the best way to set up my web servers in the DMZ??

    Thanks
      Abe



  • You need to create an advanced outbound NAT entry for your DMZ if you want to NAT it out.

    If you have multiple IPs on WAN create a VIP for each.
    Forward the ports you need to your servers and have if necessary the VIP as "source".

    Also since you created a DMZ I assume you want to restrict access from it to the LAN.
    Create a rule that allows access to the internet and a rule that denies access from the DMZ to your LAN.
    See my sig on how.
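
The DMZ rule pair described in the reply above depends on order, because pfSense evaluates an interface's rules top-down and the first match wins, with an implicit deny at the end. The sketch below is an added example, not part of the thread and not pfSense code; the subnets, host addresses and function names are constructed assumptions. It compares a misordered rule list with an isolating one.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(rules, src, dst):
    """Return (action, log) of the first rule matching src -> dst.

    Mirrors first-match-wins evaluation on one interface; traffic that
    matches no rule falls through to the implicit deny, which is not logged here.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, log in rules:
        if s in src_net and d in dst_net:
            return action, log
    return "block", False


# Misordered: the allow-any rule matches first, so the block is never reached.
MISORDERED = [
    ("pass", DMZ, ANY, True),
    ("block", DMZ, LAN, True),
]

# Isolating order: deny DMZ -> LAN first, then allow everything else out.
ISOLATED = [
    ("block", DMZ, LAN, True),
    ("pass", DMZ, ANY, True),
]


def audit(rules):
    """Probe a DMZ rule list from one constructed DMZ host."""
    host = "192.168.2.10"
    return {
        "dmz_to_lan": evaluate(rules, host, "192.168.1.50")[0],
        "dmz_to_internet": evaluate(rules, host, "203.0.113.7")[0],
    }


if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("isolated", ISOLATED)):
        print(name, audit(rules))
```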



  • Thanks, that seemed to do the trick.

    I added outbound NAT rules
    Created VIPs for the servers in the DMZ
    Added forwarding rules for the ports
    One server works 100%, the other I am having some issues with but am sure it should be sorted!

    Thanks guys!!



  • You might want to enable NAT reflection

    advanced –> deactivate "disable NAT reflection".



  • Thanks Gruens Froeschli, you have been a great help - that did the trick for the two web pages that kept on timing out all the time!!

    Thanks, all seems fine now!

    How can I get the firewall log reflecting all traffic it scans?

    Cheers
      Abe



  • Do you mean you want traffic which is allowed logged?
    Just enable the flag "Log" in the config of the rule.

    You might want to have a syslog server running to which the logs are sent since the local space (RAM) can be used up pretty fast.



  • Cool, thanks

    Issue closed!

