Modem / ADSL to pfSense > DMZ ?



  • I hope this is not too OT:
    Here in Bolivia you don't have access to your ADSL modem, only the tech from the ISP has the password.

    Tomorrow I have one of my ISPs technicians coming to install another ADSL line and I was wondering if it would be a good idea to ask him to set the modem up to have the pfSense box running as a DMZ (host).

    I am planing on running a Jabber server on the other side of the pfSense box and tried to access the LAN from the outside before for various other reasons.

    Would DMZ be the best quick way to be able to access the pfSense box from the outside?

    Thanks

    Ben



  • Yes. The ADSL device is likely to call the feature "DMZ". It really is 1:1 port forward - forwarding everything connecting in on the public IP to a specified IP on the ADSL device LAN side (=pfSense WAN side).
    Assuming the ADSL device LAN IP is 192.168.1.1/24 then you could ask him to "DMZ" everything to 192.168.1.2. Then make pfSense WAN IP 192.168.1.2/24, gateway 192.168.1.1. And make pfSense LAN some other subnet (like 192.168.42.1/24).
    Then you will receive all internet connections at pfSense WAN - you can pass them to internal servers, have OpenVPN server/s, block, log whatever you like, at pfSense WAN.



  • phil.davis, thanks for the answer, this was what I was hoping for.

    I guess now I really have to figure out how this lovely piece of software works  ;)

    Looking forward to have more fun with pfSense  :)



  • @bfts:

    phil.davis, thanks for the answer, this was what I was hoping for.

    I guess now I really have to figure out how this lovely piece of software works  ;)

    Looking forward to have more fun with pfSense  :)

    Or, have the tech put the DSL modem in bridge mode.