Help setting up DMZ



  • I'm having some trouble setting up a DMZ.  I searched the forums and got some good info, but what seems to be the key document (http://doc.m0n0.ch/handbook/examples.html) is not available.  There's a cached page at Google, but it's of little use without the images.

    My ISP has provided me with a single cable modem and five IP addresses.  Two of the IPs are used for other things (a WiFi router and a separate subnet unconnected to this pfSense configuration).  On this configuration, I have the following:

    WAN - xxx.yyy.zzz.34
      OPT1 - xxx.yyy.zzz.36
      OPT2 - xxx.yyy.zzz.38
      LAN - 192.168.1.1
      OPT3 - 192.168.1.3 (DMZ)

    I got the WAN/LAN thing working fine.

    What I want to do is route traffic from OPT1 and OPT2 to the DMZ.  I think I know how to do that, but first I need to get the DMZ interface connected.

    It almost works.  I first configured the DMZ interface for DHCP, connected a computer to it, and the machine was able to get an IP address.  This will eventually be a static IP address, but I'll use DHCP until I get things working.

    I created an outbound firewall rule on the DMZ interface that passes all traffic from DMZ–basically the same rule as the default LAN firewall rule.  I realize that I'll have to lock that down, once I get things working.

    Thing is, it doesn't work.  At least, something isn't working.  From the computer hooked to the DMZ interface, I can't ping, I can't get to my DNS servers -- nothing.  Traffic graphs show that it's receiving packets from the DMZ interface, but then I don't know what happens to them.

    Did I forget an important step somewhere?  Do I have to create NAT rules beyond the automatically generated rules?

    I'm sure I'll have more questions once I get this basic thing working.  But for now, how do I get my second interface to talk to the outside world?

    Thanks in advance.

    Jim



  • Create firewallrules at firewall>rules, dmz tab to allow traffic coming in on that interface.

    btw, I don't have issues accessing the m0n0 documentation including images. Everything's there.



  • Thanks for the reply.  I managed to get everything working, although it would have been easier had I been able to see that m0n0 document.  I don't know why I'm unable to view it from here.


Locked