Tuesday, August 7, 2012

pfSense DMZ setting

Port forward problems with pfSense and host within DMZ

Screenshot: port forward on WAN
Screenshot: WAN rules
Screenshot: DMZ rules
I'm having difficulty making port forwarding work for a web server set up within an OPT1 designated as a DMZ. Probably a simple solution where I am totally missing a key element. I need help. What I want is to be able to access the web server from the internet using a public IP.

Here's my setup: Comcast SMC D3G modem ---> pfSense box with 3 NICs. One NIC goes to the LAN and the other to OPT1, designated as DMZ. The DMZ is hooked up to an 8-port switch to which the webserver is attached, with ports 80 and 22 open. A laptop connected to this switch is able to verify that both ports are open and that sshd and httpd are active.

Comcast has allocated the following:
Gateway 173.X.X.94
Subnet 255.255.55.240 (/28)
Static IPs 173.X.X.81 through 173.X.X.93
Currently, all services on the Comcast modem are turned off, including NAT, allowing all traffic to flow through.

Here are my settings for the interface:
WAN 173.X.X.93/28 with gateway set as 173.X.X.94
LAN 192.168.1.1/24 with gateway = none
DMZ 192.168.2.1/24 with gateway = none

The webserver has a fixed IP of 192.168.2.10.
I set up a proxy ARP VIP as 173.X.X.92/32, which will be for this webserver.

I have port forward, WAN and DMZ rules above as my new starting basis and need to know where my problem might be fixed.

I've tried many different rules noted in other posts on this board and others, but still no luck. What I have above is just the basics after deleting all my trials. I realize that I may be missing a much-needed rule or two. Can you help?
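Before touching NAT or firewall rules, it helps to confirm that the addressing plan described in the post is internally consistent (VIP inside the WAN /28 and the allocated static range, web server inside the DMZ subnet, dotted mask agreeing with the stated prefix). The script below is an added example, not part of the original post or of pfSense; the redacted 173.X.X.* octets are replaced with the 203.0.113.0/24 documentation range as a constructed stand-in, and the host octets .81 through .94 follow the post.

```python
import ipaddress

# Constructed stand-in for the redacted 173.X.X.* addresses: the TEST-NET-3
# documentation range (RFC 5737). Host octets .81-.94 follow the post.
WAN_GATEWAY = "203.0.113.94"
WAN_IF = "203.0.113.93/28"
WAN_MASK_AS_WRITTEN = "255.255.55.240"  # dotted mask quoted in the post
STATIC_RANGE = ("203.0.113.81", "203.0.113.93")
PROXY_ARP_VIP = "203.0.113.92/32"
LAN_IF = "192.168.1.1/24"
DMZ_IF = "192.168.2.1/24"
WEB_SERVER = "192.168.2.10"


def netmask_matches_prefix(mask: str, prefix_len: int) -> bool:
    """True only if `mask` is a valid contiguous netmask equal to /prefix_len."""
    try:
        net = ipaddress.IPv4Network(f"0.0.0.0/{mask}")
    except ValueError:  # non-contiguous or otherwise malformed mask
        return False
    return net.prefixlen == prefix_len


def check_addressing() -> dict:
    """Consistency checks the addressing plan must pass before any NAT rule can work."""
    wan = ipaddress.ip_interface(WAN_IF)
    gw = ipaddress.ip_address(WAN_GATEWAY)
    vip = ipaddress.ip_interface(PROXY_ARP_VIP).ip
    lo, hi = (ipaddress.ip_address(a) for a in STATIC_RANGE)
    lan = ipaddress.ip_interface(LAN_IF).network
    dmz_if = ipaddress.ip_interface(DMZ_IF)
    web = ipaddress.ip_address(WEB_SERVER)
    return {
        "mask_matches_prefix": netmask_matches_prefix(WAN_MASK_AS_WRITTEN, wan.network.prefixlen),
        "gateway_in_wan_subnet": gw in wan.network,
        "vip_in_wan_subnet": vip in wan.network,
        "vip_in_allocated_static_range": lo <= vip <= hi,
        "vip_distinct_from_wan_ip_and_gateway": vip not in (wan.ip, gw),
        "web_server_in_dmz_subnet": web in dmz_if.network,
        "web_server_not_dmz_interface_ip": web != dmz_if.ip,
        "lan_and_dmz_do_not_overlap": not lan.overlaps(dmz_if.network),
    }


def failed_checks() -> list:
    """Names of the checks that did not pass; empty when the plan is consistent."""
    return [name for name, ok in check_addressing().items() if not ok]


if __name__ == "__main__":
    for name, ok in check_addressing().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

Run as-is, every check passes except the dotted-mask check, because 255.255.55.240 is not a contiguous mask and so cannot equal the /28 stated next to it; the firewall rules themselves still have to be verified in pfSense.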
