Access DMZ to WAN
-
Hi all,
I would like to have an access in DMZ to the WAN. My interfaces are :
LAN : 10.0.0.50/8
- PC : 10.0.0.10 => Access WAN OK
Gateway : 10.0.0.50
Dns Server : 10.0.0.50DMZ : 10.0.1.50/8
- PC : 10.0.1.1 => Access WAN down
Gateway : 10.0.1.50
Dns Server = 10.0.0.50WAN : 192.168.0.5/24
I have created a rule like the lan rule for the WAN:
DMZ rules :
* DMZ net * * * * (Access to WAN)
UDP DMZ net * 10.0.0.50 53 (DNS) * (Access to DNS server in LAN)
but the access to WAN since DMZ is always down, i have read the docs monowall but it's the same problem.
Thanks for your help
-
LAN : 10.0.0.50/8
DMZ : 10.0.1.50/8The same subnet on two interfaces wont work.
-
Ok, now the subnet of DMZ is /16 but access to WAN doesn't work…
-PC :
Ip adress : 10.0.1.1
Subnet : 255.255.0.0
Gateway : 10.0.1.50
DNS : 10.0.0.50Interface DMZ in Pfsense :
10.0.1.50/16
-
I suggest you start reading on wikipedia how subnetting works.
10.0.0.0/16 is still the same subnet as 10.0.1.0/16
-
I don't understand because in the monowall documentation http://doc.m0n0.ch/handbook/examples.html#id11622455 Lan ip address is : 192.168.1.1/24 and Dmz ip adress :192.168.2.1/24, the subnet is the same…
-
192.168.1.1/24 and 192.168.2.1/24 are two different subnets!
You seem to missinterpretate the "/number"
192.168.0.0/24 is equal to 192.168.0.0 to 192.168.0.255
192.168.1.0/24 is equal to 192.168.1.0 to 192.168.1.25510.0.0.0/8 is equal to 10.0.0.0 to 10.255.255.255
10.0.0.0/16 is equal to 10.0.0.0 to 10.0.255.255The number in CIDR notation behind the / is how many bits are for the "network" identification.
The rest of the bits (32 - number behind /) are the bits for the addressing within the subnet.So really read a bit on your own how the basics work.
http://en.wikipedia.org/wiki/Subnetwork
http://en.wikipedia.org/wiki/CIDR
-
Ok, so now my Dmz ip address is : 10.1.0.50/16 (network : 10.1.0.0)
Lan ip address is : 10.0.0.50/8 (network : 10.0.0.0)I don't have an access to WAN…
-
I take the dns adress of my freebox and the wan is now ok since my dmz…
Thank you GruensFroeschli
-
Your addresses are still conflicting
10.0.0.50/8
is 10.0.0.0 up to 10.255.255.255which contains
10.1.0.50/16
which is 10.1.0.0 to 10.1.255.255Just set your first subnet to /16 too and it should work.
–>
10.0.0.0/16
10.1.0.0/16
-
Ok ty for the tip, i have a new problem ^^, in my dmz i have a apache server on port 80 but is it inacessible from the wan.
10.1.0.1 is the server ip address.In Firewall: NAT: 1:1 i have the rule :
Interface External IP Internal IP Description
WAN 192.168.0.10/32 10.1.0.1/32 wwwAnd in port forwad :
If Proto Ext. port range NAT IP Int. port
WAN TCP 80 (HTTP) 10.1.0.1 80 (HTTP)
(ext.: 192.168.0.5)But when i want to connect to 192.168.0.10 it's down.
-
You dont use 1:1 NAT and normal forwardings.
One or the other.In your forwarding rule you have as ext: 192.168.0.5.
Are you sure that your WAN interface is 192.168.0.10 and not 192.168.0.5?
Also if you want to forward port 80 of your WAN, make sure that you change the webgui to something else.
-
If WAN is on a private subnet (like 192.168. is) you have to disable 'block private subnets' as well.
What's in front of your WAN anyway?
-
this work perfectly thank a lot of !
