Not able to browse internet through pfsense in DMZ?
-
Hi Guys
I have a PFSense firewall deployed to protect what would be my DMZ servers. The pfsense firewall has just one NIC for WAN connections (may add an additional NIC etc if I cluster this).
This all works great, the firewall has internet access, I can access it to configure it etc, great.
Now I add a Windows Server 2012 R2 machine onto the network (an ESXi VM) with the following settings:
Subnet mask: 255.255.255.0 (the IP and gateway are different subnets but windows can handle this automatically)
Gateway: FirewallDNS: Google DNS
I can ping the firewall and the gateway, and the DNS servers too, but I can't browse the internet from this server. Port 80 and ICMP are allowed on the firewall.
An nslookup of google.com returns "target system name not found" (or something of this effect!).
Any ideas of how this config should look?
Thanks -
I must be missing something here:
I have a PFSense firewall deployed to protect what would be my DMZ servers. The pfsense firewall has just one NIC for WAN connections (may add an additional NIC etc if I cluster this).
vs.
Now I add a Windows Server 2012 R2 machine onto the network (an ESXi VM) with the following settings:
What are you adding where? To what network? WAN?!
-
The VM and PFSense are on the same distributed vSwitch. They are able to ping each other, which makes me think it's something in the PFSense config?
I haven't got WAN setup as I am using public IPS.
-
DNS: Google DNS
I can ping the firewall and the gateway, and the DNS servers too, but I can't browse the internet from this server. Port 80 and ICMP are allowed on the firewall.
You have also to allow DNS, TCP/UDP Port 53.
-
I still cannot see where's the DMZ with one interface…
-
"I haven't got WAN setup as I am using public IPS."
Huh??? That would be your wan - the public internet..
Why don't you draw up your network.. This is all virtual, you mention distributed vSwitch.. So please draw this up if you want help..
