DMZ Unable to browse Internet and no ping to the DMZ GW

  • Hello Members,

    I am trying to configure the DMZ interface and have some problem with connecting to Internet and a ping to the DMZ GW doesn't respond. My FW is configured with WAN, LAN and DMZ. For those who wishes to help, attached you find the following information:

    Version: 2.2-RELEASE (amd64), built on Thu Jan 22 14:03:54 CST 2015, FreeBSD 10.1-RELEASE-p4
    DMZ:      Automatic NAT Outbound rules, no GW.

    Any idea what it is wrong?

    ![ScreenHunter_04 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_04 Mar. 25 18.11.gif)
    ![ScreenHunter_04 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_04 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_03 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_03 Mar. 25 18.11.gif)
    ![ScreenHunter_03 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_03 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_02 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_02 Mar. 25 18.11.gif)
    ![ScreenHunter_02 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_02 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_01 Mar. 25 18.10.gif](/public/imported_attachments/1/ScreenHunter_01 Mar. 25 18.10.gif)
    ![ScreenHunter_01 Mar. 25 18.10.gif_thumb](/public/imported_attachments/1/ScreenHunter_01 Mar. 25 18.10.gif_thumb)

  • Banned

    Your source ports are completely wrong for the HTTP/HTTPS and DNS stuff, should be ANY. What is the point of the DNS rule when you have allow everything just below? Why you allow only ping to the pfSense box goes beyond me. The SMTP rule is useless and will never be hit. The final block RFC1918 rule is useless and will never be hit…

    The above is just the first screenshot, did not bother with others, as clearly you should restart from scratch.

  • You are right. The rules "any" to "any" in addition to TCP/UDP, IPV4+IPV6 has solved the problem.

    Thank you very much!