DMZ Unable to browse Internet and no ping to the DMZ GW

Firewalling
Log in to reply
  • I

    Hello Members,

    I am trying to configure the DMZ interface and have some problem with connecting to Internet and a ping to the DMZ GW doesn't respond. My FW is configured with WAN, LAN and DMZ. For those who wishes to help, attached you find the following information:

    Version: 2.2-RELEASE (amd64), built on Thu Jan 22 14:03:54 CST 2015, FreeBSD 10.1-RELEASE-p4
    WAN: 83.94.24.46
    LAN: 172.17.0.1
    DMZ: 10.0.0.1      Automatic NAT Outbound rules, no GW.

    Any idea what it is wrong?
    Thanks.
    Regards
    Sal

    ![ScreenHunter_04 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_04 Mar. 25 18.11.gif)
    ![ScreenHunter_04 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_04 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_03 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_03 Mar. 25 18.11.gif)
    ![ScreenHunter_03 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_03 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_02 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_02 Mar. 25 18.11.gif)
    ![ScreenHunter_02 Mar. 25 18.11.gif_thumb](/public/imported_attachments/1/ScreenHunter_02 Mar. 25 18.11.gif_thumb)
    ![ScreenHunter_01 Mar. 25 18.10.gif](/public/imported_attachments/1/ScreenHunter_01 Mar. 25 18.10.gif)
    ![ScreenHunter_01 Mar. 25 18.10.gif_thumb](/public/imported_attachments/1/ScreenHunter_01 Mar. 25 18.10.gif_thumb)

    0
  • D
    Banned

    Your source ports are completely wrong for the HTTP/HTTPS and DNS stuff, should be ANY. What is the point of the DNS rule when you have allow everything just below? Why you allow only ping to the pfSense box goes beyond me. The SMTP rule is useless and will never be hit. The final block RFC1918 rule is useless and will never be hit…

    The above is just the first screenshot, did not bother with others, as clearly you should restart from scratch.

    0
  • I

    You are right. The rules "any" to "any" in addition to TCP/UDP, IPV4+IPV6 has solved the problem.

    Thank you very much!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy