    Netgate Discussion Forum

    DMZ Unable to browse Internet and no ping to the DMZ GW

    Firewalling
      ilasa01 last edited by

      Hello Members,

      I am trying to configure the DMZ interface and have some problems connecting to the Internet, and a ping to the DMZ GW doesn't respond. My FW is configured with WAN, LAN and DMZ. For those who wish to help, attached you will find the following information:

      Version: 2.2-RELEASE (amd64), built on Thu Jan 22 14:03:54 CST 2015, FreeBSD 10.1-RELEASE-p4
      WAN: 83.94.24.46
      LAN: 172.17.0.1
      DMZ: 10.0.0.1      Automatic NAT Outbound rules, no GW.

      Any idea what is wrong?
      Thanks.
      Regards
      Sal

      ![ScreenHunter_04 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_04 Mar. 25 18.11.gif)
      ![ScreenHunter_03 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_03 Mar. 25 18.11.gif)
      ![ScreenHunter_02 Mar. 25 18.11.gif](/public/imported_attachments/1/ScreenHunter_02 Mar. 25 18.11.gif)
      ![ScreenHunter_01 Mar. 25 18.10.gif](/public/imported_attachments/1/ScreenHunter_01 Mar. 25 18.10.gif)

        doktornotor Banned last edited by

        Your source ports are completely wrong for the HTTP/HTTPS and DNS stuff; they should be ANY. What is the point of the DNS rule when you have allow everything just below? Why you allow only ping to the pfSense box is beyond me. The SMTP rule is useless and will never be hit. The final block RFC1918 rule is useless and will never be hit…

        The above is just the first screenshot, did not bother with others, as clearly you should restart from scratch.

          ilasa01 last edited by

          You are right. The rules "any" to "any", in addition to TCP/UDP, IPv4+IPv6, have solved the problem.

          Thank you very much!

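The source-port point raised in the reply above, as an added example that is not from the thread: a minimal first-match evaluator (pfSense evaluates an interface's rules top-down and the first match wins) showing why a pass rule keyed on source port 80/443/53 never matches client traffic, whose source port is ephemeral, and how a rule placed below an allow-any rule is never reached. The rule sets, labels and port numbers are constructed for illustration and are not a transcription of the screenshots.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for protocol or port

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    proto: Optional[str] = ANY
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY
    label: str = ""

FIELDS = ("proto", "src_port", "dst_port")

def evaluate(rules, proto, src_port, dst_port):
    """Return (action, label) of the first matching rule; no match is default deny."""
    pkt = {"proto": proto, "src_port": src_port, "dst_port": dst_port}
    for rule in rules:
        if all(getattr(rule, f) is ANY or getattr(rule, f) == pkt[f] for f in FIELDS):
            return rule.action, rule.label
    return "block", "default deny"

def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    return all(getattr(earlier, f) is ANY or getattr(earlier, f) == getattr(later, f)
               for f in FIELDS)

def shadowed(rules):
    """Labels of rules that can never be hit because an earlier rule covers them."""
    return [r.label for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]

# Constructed: service port placed in the SOURCE port field (the mistake).
SRC_PORT_RULES = [
    Rule("pass", "tcp", src_port=80, label="http"),
    Rule("pass", "tcp", src_port=443, label="https"),
    Rule("pass", "udp", src_port=53, label="dns"),
]
# Constructed: source port ANY, service port as DESTINATION, then allow-any, then SMTP.
DST_PORT_RULES = [
    Rule("pass", "tcp", dst_port=80, label="http"),
    Rule("pass", "tcp", dst_port=443, label="https"),
    Rule("pass", "udp", dst_port=53, label="dns"),
    Rule("pass", label="allow any"),
    Rule("pass", "tcp", dst_port=25, label="smtp"),
]

if __name__ == "__main__":
    # A DMZ client opening HTTPS uses an ephemeral source port (51514 here).
    print(evaluate(SRC_PORT_RULES, "tcp", 51514, 443))
    print(evaluate(DST_PORT_RULES, "tcp", 51514, 443))
    print(shadowed(DST_PORT_RULES))
```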