DMZ woes

  • Hi guys,

    I have a DMZ which hosts an FTP and a MAIL server, and I also have a public IP address. Since I have enough public IPs, I thought 1:1 NAT would be alright, so first I created the virtual IPs to map to the internal DMZ servers and respectively. I then checked via if they are correctly mapping the correct IPs, and they are indeed. Then I went to the port forwarding page to forward the necessary ports like FTP, SMTP, HTTP, POP3 and IMAP, and checked "auto create firewall rules". I was then able to connect to FTP and SMTP locally; then I connected to one of the available public IPs to see if I could connect to the servers with the rules I've created, and I was able to. I thought that was it, but when I went to our other office to check if it's really working, to my dismay it wasn't. I can access the pfSense GUI but not the FTP nor the MAIL interface. I can't figure out what's wrong with my rules, because I've read the monowall docs over and over. I've done this before about a year ago, so I'm rusty right now, and I have these questions in mind:

    1. Will the 1:1 NAT be enough?
    2. Do I need to create additional rules after creating the virtual IPs and mapping the 1:1 NAT?
    3. Do I really need port forwarding in this scenario?
    4. Did the port forwarding I did mess up the 1:1 NAT?
    5. If I do not put in the rule "permit DMZ to any but LAN", I can't communicate with the DMZ, nor can they communicate outside, like pinging . Does locking down the DMZ really work?
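For reference, here is what the setup described in the post above looks like as a hand-written pf ruleset, i.e. what pfSense generates underneath its 1:1 NAT, port-forward and rules tabs. This is an added example, not configuration from the poster or from the pfSense project, and every interface name and address in it is an assumption for illustration (WAN on em0 with public block 203.0.113.0/24, DMZ on em1 as 192.168.2.0/24, LAN as 192.168.1.0/24, FTP and mail servers at 192.168.2.10 and .11 mapped to 203.0.113.10 and .11).

```pf
# Added example (not from the thread): pf equivalent of the pfSense setup
# described above. Interfaces and addresses are assumptions for illustration.
wan_if   = "em0"
dmz_if   = "em1"
lan_net  = "192.168.1.0/24"
dmz_net  = "192.168.2.0/24"

ftp_int  = "192.168.2.10"      # DMZ FTP server (assumed)
mail_int = "192.168.2.11"      # DMZ mail server (assumed)
ftp_vip  = "203.0.113.10"      # public virtual IP for FTP (assumed)
mail_vip = "203.0.113.11"      # public virtual IP for mail (assumed)

# 1:1 NAT (pfSense "1:1" tab) is pf binat: it rewrites addresses in both
# directions for every protocol and port, so separate port-forward (rdr)
# entries on the same virtual IPs are redundant for these two hosts.
binat on $wan_if from $ftp_int  to any -> $ftp_vip
binat on $wan_if from $mail_int to any -> $mail_vip

# Translation does not grant access: WAN pass rules are still required.
# Translation runs before filtering, so the rules match the INTERNAL
# address, not the virtual IP (this is why pfSense's auto-created rules
# point at the internal host).
block in quick log on $wan_if all
pass  in quick on $wan_if proto tcp from any to $ftp_int  port 21
pass  in quick on $wan_if proto tcp from any to $mail_int port { 25, 80, 110, 143 }

# DMZ egress ("permit DMZ to any but LAN"): rules are evaluated in order
# with "quick", so the block must come first. A compromised DMZ host can
# still resolve names, ping and send mail, but cannot reach the LAN.
block in quick on $dmz_if from $dmz_net to $lan_net
pass  in quick on $dmz_if from $dmz_net to any
```

Two practitioner notes on this ruleset. First, binat translates addresses in packet headers only; it does not rewrite the addresses carried inside the FTP control channel, so passive-mode FTP needs the server's passive port range opened on WAN to $ftp_int (or an FTP helper) in addition to port 21. Second, a test from inside the LAN against the public IP exercises a different path (NAT reflection) than a test from another site, which is why a setup can appear to work locally and still fail from a remote office.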



  • Finally I was able to make 1:1 NAT work by following this thread –>,6965.0.html. Maybe I was stressed out yesterday, which is why I couldn't make it work, coupled with the rustiness of not having used pfSense for more than a year.  ;D Now if only I can make the DNS point to correctly in order to receive mail; currently only outgoing mail is working.

