Netgate Discussion Forum

    How to set up a DMZ?

    • philled

      I've been trying to get a DMZ working on my new pfSense installation. I've been struggling with setting up firewall rules to do even a simple thing like connect from a machine in the DMZ to port 80 on a machine on the LAN (that's the subject of a different post).

      I believe I may not have set up the DMZ correctly. I followed the guide at  http://pfsensesetup.com/pfsense-setup-part-four-setting-up-a-dmz but I think there may be additional steps required such as setting up some NAT rules and maybe some routes that the article doesn't go into.

      I came from Smoothwall where it does all this for you so I'm finding pfSense pretty tricky as it doesn't seem to provide anything other than a web interface to set this all up yourself - which is fine if you know what you're supposed to be doing, which I don't!

      Can anyone please point me to a good article on how to set up a DMZ in pfSense, or provide some pointers about what needs to be done.

      My LAN is 192.168.0.0
      My DMZ is 192.168.1.0

      I can ping a machine in the DMZ from the pfSense console but that's about it so far.

      • jahonix

        Why do you think you need a DMZ?

        A DMZ usually is like a dead-end road with only one interface that passes all traffic in and out. Like running your own web-server that is accessible from the outside but no way can it reach your local systems in case it gets compromised etc.
        But that's what you say is not working. Might be by design, unless you tell more about your network and what it's supposed to do.

        • tomelgato

          generally speaking for dmz with private ips:

          1. create DMZ
          2. create NAT Mapping (DMZ = home for hosts that are reachable from the outside, so you want your external ips translated into private ips - or map ports of your external ip to the private ips)
          3. create inbound rules for dmz (here you use as destination the private ips of the dmz hosts)

          the default lan to anything rule allows you to access the dmz hosts

          if you like to access lan hosts from your dmz (which you don't do generally) you need to create dmz->lan rules too

          hope that helps to find more detailed infos

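The rule layout described in the last reply, as an added example that is not part of any post in this thread: a small Python model of how pfSense evaluates traffic (rules are checked on the interface where a connection enters, the first match wins, anything unmatched is denied, and port forwards are applied before filtering). The /24 masks, host addresses, WAN address and the DMZ rule set are assumptions; the thread gives only the two network addresses.

```python
import ipaddress

# Constructed values: /24 masks, host addresses and the WAN address
# (RFC 5737 documentation range) are assumptions, not from the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WAN_IP, DMZ_WEB, LAN_HOST = "203.0.113.10", "192.168.1.10", "192.168.0.20"

# Step 2: port forward (external address, port) -> private DMZ address.
PORT_FORWARDS = {(WAN_IP, 80): DMZ_WEB}

# Rules per ingress interface: (action, source net, destination net, port or None).
RULES = {
    "WAN": [("pass", ANY, ipaddress.ip_network(DMZ_WEB + "/32"), 80)],  # step 3
    "LAN": [("pass", LAN, ANY, None)],   # default LAN-to-anything rule
    "DMZ": [("block", DMZ, LAN, None),   # assumed: keep DMZ hosts out of the LAN
            ("pass", DMZ, ANY, None)],   # assumed: DMZ may reach everything else
}

def evaluate(iface, src, dst, port, rules=RULES):
    """Return 'pass' or 'block' for a new connection entering on iface."""
    if iface == "WAN":
        # NAT is applied before filtering, so the WAN rule sees the private
        # address; this is why step 3 uses the DMZ host as destination.
        dst = PORT_FORWARDS.get((dst, port), dst)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules.get(iface, []):
        if src_ip in src_net and dst_ip in dst_net and rule_port in (None, port):
            return action                # first match wins
    return "block"                       # implicit default deny

def with_dmz_exception(host, port):
    """Rule set with one narrow DMZ->LAN pass placed above the block rule."""
    extra = ("pass", DMZ, ipaddress.ip_network(host + "/32"), port)
    return {**RULES, "DMZ": [extra] + RULES["DMZ"]}

if __name__ == "__main__":
    checks = [
        ("WAN", "198.51.100.7", WAN_IP, 80, RULES),    # forwarded web traffic
        ("LAN", LAN_HOST, DMZ_WEB, 80, RULES),         # LAN -> DMZ
        ("DMZ", DMZ_WEB, LAN_HOST, 80, RULES),         # DMZ -> LAN, no exception
        ("DMZ", DMZ_WEB, LAN_HOST, 80, with_dmz_exception(LAN_HOST, 80)),
    ]
    for iface, src, dst, port, rules in checks:
        print(iface, src, "->", dst, port, evaluate(iface, src, dst, port, rules))
```

The exception is scoped to one LAN host and one port and sits above the block rule, so a compromised DMZ host gains access to that single service rather than to the whole LAN.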