Access DMZ to WAN

  • Hi all,

    I would like to have access from the DMZ to the WAN. My interfaces are:

    LAN:
      - PC: => Access to WAN OK
        Gateway:
        DNS server:

    DMZ:
      - PC: => Access to WAN down
        Gateway:
        DNS server:

    WAN:

    I have created a rule like the LAN rule for the WAN:

    DMZ rules:

    *  DMZ net  *  *  *  *        (Access to WAN)

    UDP  DMZ net  *  53 (DNS)  *      (Access to DNS server in LAN)

    but access to the WAN from the DMZ is still down. I have read the monowall docs, but it's the same problem.

    Thanks for your help

  • LAN :
    DMZ :

    The same subnet on two interfaces won't work.

  • OK, now the DMZ subnet is /16, but access to the WAN doesn't work…
      - PC:
    IP address:
    Subnet:
    Gateway:
    DNS:

    DMZ interface in pfSense:

  • I suggest you start reading on Wikipedia how subnetting works. is still the same subnet as

  • I don't understand, because in the monowall documentation the LAN IP address is: and the DMZ IP address is:, and the subnet is the same…

  • and are two different subnets!

    You seem to misinterpret the "/number": is equal to to, is equal to to, is equal to to, is equal to to

    The number in CIDR notation behind the / is how many bits are used for the "network" identification.
    The rest of the bits (32 - number behind /) are the bits for the addressing within the subnet.

    So really read a bit on your own about how the basics work.
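    To make the CIDR point above concrete, here is an added example (not code from the thread or from pfSense) that computes the network, broadcast and host range for a /number prefix and flags overlapping interface subnets, the exact conflict being discussed. The addresses in the sample are constructed, since the real ones are not on the page; the second pair mirrors the thread's situation of a /24 that falls inside a /16.

```python
# Added example: CIDR maths and subnet-overlap check for pfSense interfaces.
# Uses only the standard library; all addresses below are constructed.
import ipaddress


def describe(cidr: str) -> dict:
    """Return the network, broadcast and usable host range for a CIDR.

    strict=False lets an interface address such as 192.168.1.1/24 be
    passed directly; ipaddress masks it down to 192.168.1.0/24.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # /31 and /32 have no separate network/broadcast addresses.
    tiny = net.num_addresses <= 2
    return {
        "prefix": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,   # 32 - /number
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net[0] if tiny else net[1]),
        "last_host": str(net[-1] if tiny else net[-2]),
    }


def overlaps(a: str, b: str) -> bool:
    """True if the two subnets share any address (either may contain the other)."""
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False)
    )


def check_interfaces(interfaces: dict) -> list:
    """Return one message per pair of interfaces whose subnets overlap.

    interfaces maps an interface name (LAN, DMZ, ...) to its address/prefix.
    An empty list means the addressing plan is consistent.
    """
    problems = []
    names = list(interfaces)
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            if overlaps(interfaces[x], interfaces[y]):
                problems.append(f"{x} {interfaces[x]} overlaps {y} {interfaces[y]}")
    return problems


if __name__ == "__main__":
    # Constructed plan: DMZ on a /16 that swallows the LAN's /24.
    broken = {"LAN": "192.168.1.1/24", "DMZ": "192.168.2.1/16"}
    for name, cidr in broken.items():
        print(name, describe(cidr))
    print(check_interfaces(broken))     # one overlap reported
    # Constructed fix: distinct networks, both /24.
    print(check_interfaces({"LAN": "192.168.1.1/24", "DMZ": "10.0.0.1/24"}))  # []
```

    Run it with your own interface addresses; any line printed by check_interfaces is a pair that pfSense cannot route between, regardless of firewall rules.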

  • OK, so now my DMZ IP address is: (network:
                        LAN IP address is: (network:

    I don't have access to the WAN…

  • I took the DNS address of my freebox and the WAN is now OK from my DMZ…

    Thank you GruensFroeschli

  • Your addresses are still conflicting:
    is up to

    which contains
    which is to

    Just set your first subnet to /16 too and it should work.

  • OK, thanks for the tip. I have a new problem ^^: in my DMZ I have an Apache server on port 80, but it is inaccessible from the WAN. is the server IP address.

    In Firewall: NAT: 1:1 I have the rule:

    Interface  External IP  Internal IP  Description
    WAN                                  www

    And in port forward:
    If   Proto  Ext. port range  NAT IP  Int. port
    WAN  TCP    80 (HTTP)                80 (HTTP)

    But when I want to connect to, it's down.

  • You don't use 1:1 NAT and normal forwardings.
    One or the other.

    In your forwarding rule you have as ext:
    Are you sure that your WAN interface is and not
    Also if you want to forward port 80 of your WAN, make sure that you change the webgui to something else.

  • If WAN is on a private subnet (like 192.168. is) you have to disable 'block private subnets' as well.
    What's in front of your WAN anyway?
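    The last two replies list the conditions a pfSense port forward from the WAN must meet: no 1:1 NAT on the same host, the webGUI moved off the forwarded port, and "Block private networks" disabled when the WAN itself sits behind another router on a private range. The following is an added example, not from the thread or pfSense, that turns those checks into a precheck you can run against your own values; the addresses and port numbers in it are constructed, and the assumption that the webGUI listens on 80 or 443 is mine.

```python
# Added example: precheck for a pfSense WAN -> DMZ port forward.
# Encodes the three conditions from the replies above. Constructed values only.
import ipaddress


def wan_is_private(wan_ip: str) -> bool:
    """True if the WAN address is in a private range (RFC 1918 and friends).

    That means another router (a Freebox in this thread) sits in front of
    pfSense, and the default 'Block private networks' rule on WAN would drop
    inbound connections before the forward is ever evaluated.
    """
    return ipaddress.ip_address(wan_ip).is_private


def port_forward_precheck(*, wan_ip: str, ext_port: int, nat_ip: str,
                          dmz_net: str, webgui_port: int,
                          one_to_one_for_host: bool) -> list:
    """Return a list of problems; an empty list means the forward can work.

    wan_ip             address actually configured on the WAN interface
    ext_port           external (WAN) port of the forward
    nat_ip / dmz_net   DMZ host the forward targets and the DMZ subnet
    webgui_port        port the pfSense webGUI listens on (assumed 80 or 443)
    one_to_one_for_host  True if a 1:1 NAT entry also exists for nat_ip
    """
    problems = []
    if one_to_one_for_host:
        problems.append("1:1 NAT and a port forward for the same host: keep one or the other")
    if ext_port == webgui_port:
        problems.append(f"external port {ext_port} is the webGUI port; move the webGUI to another port")
    if wan_is_private(wan_ip):
        problems.append(f"WAN address {wan_ip} is private; disable 'Block private networks' on WAN")
    if ipaddress.ip_address(nat_ip) not in ipaddress.ip_network(dmz_net, strict=False):
        problems.append(f"NAT IP {nat_ip} is not inside the DMZ subnet {dmz_net}")
    return problems


if __name__ == "__main__":
    # Constructed setup mirroring the thread: pfSense WAN behind a home
    # router on 192.168.0.0/24, Apache on a DMZ host, webGUI still on 80,
    # and both a 1:1 entry and a port forward configured.
    for p in port_forward_precheck(wan_ip="192.168.0.2", ext_port=80,
                                   nat_ip="10.0.0.80", dmz_net="10.0.0.1/24",
                                   webgui_port=80, one_to_one_for_host=True):
        print("-", p)
```

    Every printed line corresponds to one of the fixes the replies ask for; once the list is empty, the remaining thing to verify is the firewall rule on WAN that the port forward creates.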

  • This works perfectly, thanks a lot!

