2WAN+DMZ+LAN1+LAN2



  • Hi all. I came from the ZyWALL world and I am a bit confused about configuring pfSense.
    This is my situation:

    WAN (11.11.11.11/28)              WAN2 (OPT1: 22.22.22.22/30)
             |                                  |
             +----------------+-----------------+
                              |
                           PFSENSE ------------- DMZ (OPT2: 33.33.33.33/24)
                              |
             +----------------+-----------------+
             |                                  |
    LAN (44.44.44.44/24)              LAN2 (OPT3: 55.55.55.55/24)

    I use pfSense 1.2-release on a PC with 5 NICs.

    I define a group of common ports as CP (i.e. http, ftp, smtp, etc.).

    I want:
    1. All public IP addresses of WAN mapped to private IP addresses in DMZ: I used 1:1 NAT.
    2. Everyone outside WAN can connect to CP ports in DMZ: I created forward rules on interface WAN from any to the DMZ subnet.
    3. The DMZ servers must answer the previous connections via WAN: is there nothing to do?
    4. The DMZ servers must browse and connect to CP ports on the internet via WAN (i.e. connect to external http, smtp, pop3): is there nothing to do?
    5. LAN and LAN2 must browse and connect to CP ports on the internet via WAN2 (i.e. connect to external http, smtp, pop3): is there nothing to do?
    6. LAN and LAN2 must browse and connect to CP ports in DMZ (i.e. connect to external http, smtp, pop3): is there nothing to do?

    Could someone give me some hints?
    Thanks to all.
    Rodolfo





  • Thank you very much for your response. After reading & trying, I could post a more specific question.

    First: in Firewall > Rules > DMZ, if I add a rule, the rule is applied only to the packets coming in on the DMZ interface (i.e. packets sent by DMZ hosts), correct?
    In this case I don't understand the "Interface" field inside the rule (the hint said: "Choose on which interface packets must come in to match this rule.").

    And second: the "Gateway" in the rule. This field means that if the packet satisfies the rule it is routed to this gateway, overriding all other routing?

    thanks



  • First: in Firewall > Rules > DMZ, if I add a rule, the rule is applied only to the packets coming in on the DMZ interface (i.e. packets sent by DMZ hosts), correct?
    In this case I don't understand the "Interface" field inside the rule (the hint said: "Choose on which interface packets must come in to match this rule.").

    Which interface does this rule apply to, you could say.

    And second: the "Gateway" in the rule. This field means that if the packet satisfies the rule it is routed to this gateway, overriding all other routing?

    *, opt1, opt2 etc. You could remember it as: * belongs to/is pfSense, while everything else has nothing to do with pfSense and its routing.
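    The six requirements from the first post and the two answers above (rules on a tab match packets arriving on that interface; Gateway "*" means the system routing table, any other gateway is policy routing), written out as hand-written pf syntax. This is an added illustration, not pfSense 1.2 generated output; interface names, the WAN2 next hop, the private DMZ range and the DMZ host address are assumptions, and the CP group is reduced to http, ftp and smtp.

```pf
# Added illustration in pf syntax, not the ruleset pfSense 1.2 generates.
wan  = "em0"   # WAN  11.11.11.11/28  (interface names assumed)
wan2 = "em1"   # WAN2 22.22.22.22/30  (OPT1)
dmz  = "em2"   # DMZ  33.33.33.33/24  (OPT2)
lan  = "em3"   # LAN  44.44.44.44/24
lan2 = "em4"   # LAN2 55.55.55.55/24  (OPT3)
wan2_gw  = "22.22.22.21"      # assumed next hop on WAN2, not given in the thread
dmz_net  = "10.0.2.0/24"      # assumed private DMZ range behind the 1:1 mappings
lan_nets = "{ 44.44.44.0/24, 55.55.55.0/24 }"
cp = "{ 80, 21, 25 }"         # the poster's "CP" group: http, ftp, smtp

# 1. 1:1 NAT (Firewall > NAT > 1:1): one public WAN address per DMZ host.
#    10.0.2.10 and 11.11.11.12 are assumed sample addresses.
binat on $wan from 10.0.2.10 to any -> 11.11.11.12

# LAN/LAN2 traffic leaving via WAN2 is source-NATed to the WAN2 address
# (what advanced outbound NAT does for a second WAN).
nat on $wan2 from $lan_nets to any -> ($wan2)

# Default deny; "quick" makes the first matching rule win, as in the GUI.
block log all

# 2. A rule on the WAN tab matches packets arriving ON WAN (the "Interface"
#    field); the destination is the post-NAT private DMZ address.
pass in quick on $wan proto tcp from any to $dmz_net port $cp keep state

# 3. Nothing to add: "keep state" lets the DMZ server's replies to the
#    connection above pass back out WAN by matching the state entry.

# 4. A rule on the DMZ tab matches packets arriving on DMZ, i.e. sent by DMZ
#    hosts. No route-to = Gateway "*" = follow the routing table (default
#    route via WAN).
pass in quick on $dmz proto tcp from $dmz_net to any port $cp keep state

# 6. LAN/LAN2 to DMZ, Gateway "*": listed BEFORE the WAN2 rules so internal
#    traffic is not policy-routed out WAN2 by the broader rule below.
pass in quick on $lan  proto tcp from 44.44.44.0/24 to $dmz_net port $cp keep state
pass in quick on $lan2 proto tcp from 55.55.55.0/24 to $dmz_net port $cp keep state

# 5. LAN/LAN2 to the internet with Gateway = WAN2: route-to overrides the
#    routing table for packets matching THIS rule only (policy routing).
pass in quick on $lan  route-to ($wan2 $wan2_gw) proto tcp from 44.44.44.0/24 to any port $cp keep state
pass in quick on $lan2 route-to ($wan2 $wan2_gw) proto tcp from 55.55.55.0/24 to any port $cp keep state
```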

