Simple Setup with LAN, DMZ and WAN - Connection Problems
-
Hi,
I am new to this forum and also new to pfsense. But it really seems to be a nice firewall system with much opportunities.My pfsense is a kvm guest with three virtio network devices. DMZ is realized over a virtual switch, which is also connected to the other kvm guests.
pfsense 2.1.4 (I tried amd64 and i386)
WAN is PPPoE
LAN is DHCP with IP-Adress 10.0.1.1/24
DMZ has no DHCP but static IP-Adress 172.16.0.1/24Now I have a problem with the connection of the kvm guests (Debian based, so no Windows firewall could do strange things) to the Internet. Ping to Internet hosts is no problem (for example the Google-DNS-Server 8.8.8.8). Ping works also for Domain-Names (google.com). But when I try a real connection (e.g. wget google.com) there could be no connection established.
The firewall rule which i created for the DMZ device is following (same pattern as LAN-standard rule):
Source: DMZ net
Destination: *
Ports: *So afterwards i need of course a lock down of this rule but first i like to get it running. Has somebody here any idea, why the connection does not work but the ping could be sended and received?
-
Enable outbound NAT for the DMZ interface….
Then it works
-
Thank you for your fast reply. I had automatic nat enabled but now changed to manual nat. Result ist still the same: not working. Maybe I should have told, that i have also a problem to connect from LAN to DMZ (e.g. SSH or HTTP), but ping is also working.
I made a screenshot of the nat rules, maybe it will help.
Cheers,
dubitat
-
Have you enabled outbound rules for DMZ interface under firewall -> Rules -> DMZ ??
-
Yes, I made a screenshot of the rule. Without this rule, ping also does not work.
Cheers,
dubitat
-
How does your interfaces look like?
Any gateways configured under routing and DMZ/LAN set to none?
-
No both gateways are set to none (see screenshots). The two checkboxes below that screenshot are unchecked in both interfaces.
Thank you for your help so far.
Cheers,
dubitat
-
Where are you based?
-
In Germany. Is there any locale setting which I forgot to set?
-
No…. I just wanted to take a look via teamviewer and see if we missed something
-
Well I do not think that we missed something, because it is a new fresh installation and I only configured the DMZ, LAN and WAN device. Do you think it could also be a KVM problem and not related to pfsense? But I have no idea how to check that. The connection between two virtual server in the same subnet (172.16.0.0/24) works without any problems. (I tested Ping and HTTP)
-
Could be…
-
Do you think trying 2.2 Alpha could help? Because I am new to pfsense I don't know whether I could use those images in a productive (home) environment.
-
2.1.4 should work fine.
Why is not obvious…
-
The interesting thing is that the packet filter (when I activate logging of firewall packets) passes the packets.
In this forum is another topic in which someone has a problem with DMZ and Internet connection (same error like mine). They also did not found any solution but he also could not send any pings so I hoped that my problem is different.
Cheers,
dubitat