How to set up a DMZ?

General pfSense Questions
Log in to reply
  • P

    I've been trying to get a DMz working on my new pfSense installation. I've been stuggling with setting up firewall rules to do even a simple thing like connect from a machine in the DMZ to port 80 on a machine on the LAN (that's the subject of a different post).

    I believe I may not have set up the DMZ correctly. I followed the guide at  http://pfsensesetup.com/pfsense-setup-part-four-setting-up-a-dmz but I think there may be additional steps required such as setting up some NAT rules and maybe some routes that the article doesn't go into.

    I came from Smoothwall where it does all this for you so I'm finding pfSense pretty tricky as it doesn't seem to provide anything other than a web interface to set this all up yourself - which is fins if you know what you're supposed to be doing, which I don't!

    Can anyone please point me to a good article on how to set up a DMZ in pfSense, or provide some pointers about what needs to be done.

    My LAN is 192.168.0.0
    My DMZ is 192.168.1.0

    I can ping a machine in the DMZ from the pfSense console but that's about it so far.

    0
  • jahonix

    Why do you think you need a DMZ?

    A DMZ usually is like a dead-end road with only one interface that passes all traffic in and out. Like running your own web-server that is accessible from the outside but no way can it reach your local systems in case it gets compromised etc.
    But that's what you say is not working. Might be by design, unless you tell more about your network and what it's supposed to do.

    0
  • T

    generally speaking for dmz with private ips:

    1. create DMZ
    2. create NAT Mapping (DMZ = home for hosts that are reachable from the outside, so you want your external ips translated into private ips - or map ports of your external ip to the private ips)
    3. create inbound rules for dmz (here you use as destination the private ips of the dmz hosts)

    the default lan to anything rule allows you to access the dmz hosts

    if you like to access lan hosts from your dmz (which you dont do generally) you need to create dmz->lan rules too

    hope that helps to find more detailed infos

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy