Hello,
Need some help in getting a simple DMZ to work, not sure where I am going wrong. First of all let me say I have read the documentation at:
1. http://doc.m0n0.ch/handbook-single/#id11642778
2. http://www.digitalphotomac.com/PFsense/DMZ/
and followed the instructions.
Here is my Setup:
Alix board with 3 interfaces:
1. WAN: Single IP provided by ISP (71.197.xxx.xxx)
2. LAN: DHCP enabled (192.168.2.1/27)
3. OPT1>DMZ: Enabled [Type-Static, Bridge-none, IP addr- 192.168.5.1/24]
Rules (in order):
LAN:
*/LAN net/*/*/*/* (default LAN to any)
UDP/ATA/*/*/VoIP/* (VoIP use in LAN)
WAN:
*/RFC1918/*/*/*/*/* (block private ntwks)
*/Resrvd/*/*/*/*/* (block bogon ntwks)
TCP/*/*/192.168.5.1/80 (http)/*/ (http to web server)
TCP/*/*/129.168.5.1/443 (https)/*/ (https to web server)
DMZ:
UDP/DMZ net/*/192.168.2.1/53(DNS)/*/ (Permit DMZ to primary DNS server)
TCP/*/*/LAN net/*/*/ (Reject DMZ to LAN)
*/DMZ net/*/ ! LAN net/*/*/ (Permit DMZ 2 any 'but' LAN)
I understand to make this work I have to do in-bound NAT since it is a 1 public IP to 1 internal web server.
Firewall>NAT>Port Forward:
WAN/TCP/80(HTTP)/192.168.5.1 (ext: 71.197.xxx.xxx)/80 (HTTP) (HTTP to web server)
WAN/TCP/443(HTTPS)/192.168.5.1 (ext:71.197.xxx.xxx)/443(HTTPS) (HTTPS to web server)
So I have configured my interface, added rules for both WAN & DMZ and done port forwarding from WAN to DMZ. From the documentation it seems this should work.
Problem: when I connect the server to the DMZ port (OPT1) it does not get an IP address. Do I have to enable DHCP on the DMZ interface? That doesn't seem to be correct since the documentation is showing it should be a static mapping. I am not sure what I am doing wrong here. Both the m0n0wall handbook and the examples suggest this should work.
Any guidance is appreciated and thanks in advance.
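As an added example (not from the original post, nor pfSense or m0n0wall code), here is a small Python consistency check over the WAN pass rules and port forwards as transcribed above: each forward target must lie inside the DMZ subnet and must have a matching WAN pass rule, and every WAN pass rule destination must also be inside the DMZ subnet. The rule tuples are a constructed transcription of the post's rules, not firewall configuration syntax.

```python
import ipaddress

# Constructed transcription of the post's rules (not pfSense/m0n0wall syntax).
DMZ_NET = ipaddress.ip_network("192.168.5.0/24")  # OPT1/DMZ: 192.168.5.1/24

WAN_PASS_RULES = [  # (proto, destination, dest_port) as listed under "WAN:"
    ("tcp", "192.168.5.1", 80),
    ("tcp", "129.168.5.1", 443),
]

PORT_FORWARDS = [  # (proto, ext_port, target, target_port) as listed under NAT
    ("tcp", 80, "192.168.5.1", 80),
    ("tcp", 443, "192.168.5.1", 443),
]


def check_forwards(forwards, pass_rules, dmz_net):
    """Return a list of human-readable findings; an empty list means the
    port forwards and the WAN pass rules agree and all point into the DMZ."""
    findings = []
    passes = {(p, ipaddress.ip_address(d), dp) for p, d, dp in pass_rules}

    for proto, ext_port, target, tport in forwards:
        t = ipaddress.ip_address(target)
        if t not in dmz_net:
            findings.append(
                f"forward {proto}/{ext_port} targets {target}, outside DMZ {dmz_net}")
        # The WAN rule must match the post-NAT (internal) destination.
        if (proto, t, tport) not in passes:
            findings.append(
                f"forward {proto}/{ext_port} -> {target}:{tport} has no matching WAN pass rule")

    for proto, dest, dport in pass_rules:
        if ipaddress.ip_address(dest) not in dmz_net:
            findings.append(
                f"WAN pass rule {proto}/{dest}:{dport} destination is outside DMZ {dmz_net}")
    return findings


if __name__ == "__main__":
    for line in check_forwards(PORT_FORWARDS, WAN_PASS_RULES, DMZ_NET) or ["OK"]:
        print(line)
```

Run against the rule set as posted, it reports the 443 pass rule's destination as outside 192.168.5.0/24 and the 443 forward as having no matching WAN pass rule.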