Set up DMZ in pfSense?

superwormy

Incoming T1 connection, a few machines need to have public static IP addresses, the rest will be NATed and just need access to the Internet. I'd like to have the machines that are exposed to the Internet in something like a DMZ… does pfSense have DMZ support, or is there a better way to do this, or...?

I have 3 network cards in the pfSense box... if I use one for WAN, one for LAN, and one for the DMZ machines, will this work to isolate the LAN machines from the machines that should be in the DMZ?

Cry Havok

Assuming that's how you write your firewall rules, then yes, you can arrange this.

heiko

@superwormy:

Incoming T1 connection, a few machines need to have public static IP addresses, the rest will be NATed and just need access to the Internet. I'd like to have the machines that are exposed to the Internet in something like a DMZ… does pfSense have DMZ support, or is there a better way to do this, or...?

I have 3 network cards in the pfSense box... if I use one for WAN, one for LAN, and one for the DMZ machines, will this work to isolate the LAN machines from the machines that should be in the DMZ?

take a look to the docu from monowall written by cmb, it runs as it should.
http://doc.m0n0.ch/handbook-single/#id2604946