DMZ with Public Static IP - Solved!

thetallkid

After struggling with this for several months, reading every How-To I could find, trying, walking away and coming back, I have finally gotten it.

To help those who have been in my boat, I will write up what worked for me, step by step.

1.  Interfaces –> Assign --> Interface assignments --> "+" to add interface, Save.

2.  Interfaces --> Click on new Interface --> Enable Interface --> Save  (Do not make any other changes)

3.  Interfaces --> Assign --> Bridges --> "+" Bridge WAN & DMZ, Save.

4.  Firewall --> Rules --> DMZ --> Add Rule

ID Proto     Source       Port   Destination Port Gateway Queue Schedule Description

IPv4 *  Server IP      *                *              *        *          none

5.  Firewall --> Rules --> WAN --> Add Rule

ID Proto     Source       Port   Destination Port   Gateway   Queue Schedule Description

IPv4          *              *        Server IP      80 etc        *        none         
                        TCP

Add more rules on the WAN to let in traffic for services running on the server.

Setting net.link.bridge.pfil_bridge to 1 blocked all traffic to the server. Changing it back to 0 solved that issue. I'm running 2.2 Alpha.

On your server, assign IP address from your static block, with appropriate subnet mask and gateway/router address matching that of pfsense.

Set rules to allow management, block traffic between LAN and DMZ. There are lots of examples here on the forum.

marcosasjr

Hi  thetallkid,
can better explain the process? I tried to make this same scenario, but I had every sucesso.reading How-To i could find.
Best regards