Can't access the LAN from DMZ



  • I'm having trouble setting up a DMZ. I've tried everything I could think of, but there is no way I can allow (some) access from the DMZ to the LAN.
    In despair, I even set up some rules allowing anything from any to any on both DMZ and LAN interfaces, but still nothing.
    I can access the DMZ machines from the LAN but not the other way around… I'm losing my patience because I'm pretty sure it should be working.
    Any ideas? Thanks



  • http://doc.m0n0.ch/handbook/examples.html

    FYI
    Your topic doesn't really contain any information that would make others able to help you.
    Diagrams, screenshots, rules, etc. make helping easier.



  • I followed those examples, but the rules to allow traffic from the DMZ to LAN do not work. I don't know what's wrong. I have reset the firewall to defaults and now only have two rules:

    the default pfSense rule of allow anything from LAN to any

    and I replicated that rule for the DMZ, basically just one rule that allows anything from the DMZ subnet to any.

    From the DMZ I can ping any of the pfSense interfaces, the LAN interface and the DMZ interface. What I can't do is ping internal LAN machines. But from LAN to DMZ everything seems fine.

    Please tell me any information or tests you might need, thanks



  • Verify that the clients that you are trying to ping use the pfSense as their default gateway. If not, they are sending their ICMP replies through the wrong device.
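
Added example, not part of the thread: a small check of the reply path the answer above describes, run over the routing table of a LAN host. It does a longest-prefix lookup on `ip route show` style output and reports whether replies to a DMZ address leave through the firewall that forwarded the request. All addresses are constructed assumptions (LAN 192.168.1.0/24, DMZ 192.168.2.0/24, pfSense at 192.168.1.1, old firewall at 192.168.1.254).

```python
import ipaddress

# Constructed sample: `ip route show` output from a LAN host that still
# points at the old firewall (192.168.1.254) instead of pfSense (192.168.1.1).
SAMPLE_ROUTES_OLD_GW = """\
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

# Constructed sample: the same host after its default gateway is corrected.
SAMPLE_ROUTES_FIXED = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return a list of (network, gateway_or_None) from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model, e.g. "unreachable"
        gw = None
        if "via" in fields:
            gw = ipaddress.ip_address(fields[fields.index("via") + 1])
        routes.append((net, gw))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match: gateway used to reach dst, None if on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def reply_path_ok(route_text, dmz_host, firewall_lan_ip):
    """True if replies to dmz_host leave via the firewall that saw the request."""
    hop = next_hop(parse_routes(route_text), dmz_host)
    return hop == ipaddress.ip_address(firewall_lan_ip)
```

With the old gateway still configured, the echo reply to a DMZ host is handed to 192.168.1.254, a device that never saw the request, so the ping from the DMZ times out even though the firewall rules allow it.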



  • Holy "insert bad word here"… but of course!
    I knew it had to be some little stupid thing like that… I was testing pfSense alongside our old IPCop firewall and the LAN machines were still using the old firewall as gateway…
    Thanks blak111, iou1.



  • @rgomes:

    I'm having trouble setting up a DMZ. I've tried everything I could think of, but there is no way I can allow (some) access from the DMZ to the LAN.
    In despair, I even set up some rules allowing anything from any to any on both DMZ and LAN interfaces, but still nothing.
    I can access the DMZ machines from the LAN but not the other way around… I'm losing my patience because I'm pretty sure it should be working.
    Any ideas? Thanks

    Seems to be an old problem…

    See this:

    http://forum.pfsense.org/index.php/topic,7316.0.html

    Regards.

