• LAN1->WAN1->LAN2->WAN2->internet

    LAN1 is my internal network with access to LAN2 and internet

    LAN2 is my DMZ, sandwiched between an internal pfSense and an external pfSense. LAN2 can access the internet but is unable to access LAN1 in the current setup.

    One solution may be to add an interface with a LAN2 IP address on the internal pfSense. Use this IP as the new gateway in the external pfSense and route LAN1 traffic to it. Will this work or is there a better solution?

  • Better to set up

    Lan1…..internal network
    Lan2.....DMZ.                  -----> pfsense ---> wan ---> internet

    Route between lan1/lan2 as needed

    Your way seems unconventional since you have to break
    all bogon firewall rules to be able to access lan1 from lan2
    if lan2 is on 192.168. ... or 10.0.0.. or 172.16.0...

  • Thank you for your advice on my setup (see attached). You are correct that lan2 is on 192.168.2.. My goal is for the DMZ system to mount an SMB share served on system 1.

    Your suggested setup would have dmz lan and internal lan both behind one firewall. Yes?

  • Yep, different networks and route between them

