1. Home
  2. pfSense® Software
  3. Firewalling
  4. LAN -> DMZ don't work

LAN -> DMZ don't work

  • J

    I have a computer with 1.2-RC3 and four NICs:
    WAN = DHCP
    LAN = 192.168.110.1/24
    DMZ = 192.168.111.1/24
    WLAN = 192.168.109.1/24

    I've added the following pass-rule to the top of the list of rules for the LAN interface:
    Proto  Source  Port  Destination  Port  Gateway  Schedule Description 
    *          *        *        *          *        *          *            *

    I have one accespoint with ip 192.168.109.2 and one laptop with ip 192.168.109.151 on the WLAN interface. When i try to ping either one of them, I get no response. What could be wrong?
      I can ping the WLAN-address of pfsense (192.168.109.1) by the way…

    0
  • GruensFroeschli

    Do you have a rule on the WLAN interface that allows traffic?
    Got a firewall on the WLAN client that might block the pings?

    0
  • J

    1. I have the same rule on the WLAN interface.
    2. The laptop on the WLAN-interface can ping the accespoint so…pinging from LAN should not be a problem, right?
    0
  • GruensFroeschli

    to 2:
    ping is not bidirectional.
    If you have a firewall on the Laptop that blocks pings the laptop cannot be pinged :)

    Can you ping the laptop if you use the ping-utility on pfSense?
    If not then the problem is definitly on the laptop end. (since the laptop is able to ping the pfSense)

    0
  • J

    I can ping the accesspoint from the pfSense tool, but i can't ping the accespoint from my computer on the LAN.

    0
  • P

    Proto  Source  Port  Destination  Port  Gateway  Schedule Description   
    *          *        *        *          *        *          *            *

    Proto    Source      Port  Destination  Port  Gateway  Schedule Description   
    *      Lan subnet      *        *          *        *          *            *

    Proto    Source          Port  Destination  Port  Gateway  Schedule Description   
    *      Wlan subnet        *        *          *        *          *            *

    0
  • J

    I've added the rules you sudjested Perry, to both my LAN and my WLAN interface. I still can't ping the access-point from my computer on my LAN-interface.

    0
  • GruensFroeschli

    you're writing about pinging the AP.
    what kind of AP is that?
    somehow i suspect your AP is doing NAT and you have on the AP the WLAN subnet on WAN and WLAN side.

    0
  • J

    I only use the LAN-ports of the "AP" but…you got me thinking Gruens. I just changed in the AP configuration and got it up and running. Now i can reach the LAN from the WLAN.
      I but i can't reach the WLAN from the LAN though, but that's not important enough for me to continue messing with the AP for  :) And besides...my primary aim is to learn how to manage the pfsense box, not the AP  ;D

    Thanks for the help everyone!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy