On 8/29/05, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> I had promised a couple of people that I'd post results after I tested this
> out, so here goes.
>
> I have a Pfsense 0.81 box set up with three realtek cards set up in this
> configuration:
>
> rl0: OPT1 (bridged to WAN)
> rl1: WAN (static IP address)
> rl2: LAN (NAT'd RFC 1918 network)
>
> The setup I used as an example is from the m0n0wall docs indicated here:
> http://m0n0.ch/wall/docbook/examples-filtered-bridge.html
>
> The question came up regarding the ability of LAN machines to access
> machines inside the DMZ serviced by OPT1. In the m0n0wall documentation,
> this is not possible, but in my preliminary testing I found that LAN
> machines had no problem talking to the DMZ. In talking to Scott, this comes
> out of the fact that PfSense uses a different bridging mechanism than
> m0n0wall and so this particular caveat is not an issue in PfSense. Under a
> default configuration, the LAN network segment(s) will have unfettered
> access to the DMZ segment(s).
I would like to point out that it has unfettered access due to the default allow-all LAN rule. Changing this will allow finer-grained control.

> I hope this clears up some questions people might have about this kind of a
> setup.
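To make the reply's point concrete, here is an added example (not part of the thread, and not pfSense's own generated ruleset) written in pf syntax. pfSense rules are normally entered in the web GUI, but they compile down to pf rules like these, so the syntax shows what the default LAN rule does and what a tighter replacement looks like. Interface names follow Gary's post (rl0 = OPT1 bridged to WAN, rl1 = WAN, rl2 = LAN); the DMZ host addresses in the `<dmz_hosts>` table and the permitted ports are constructed placeholders.

```pf
# Added example, not from the original thread. Interfaces as in the post:
#   rl0 = OPT1 (bridged to WAN), rl1 = WAN, rl2 = LAN.
# DMZ hosts live on the WAN-side bridge, so they are addressed directly.
# The addresses below are constructed placeholders (documentation range).
table <dmz_hosts> { 203.0.113.10, 203.0.113.11 }

# 1) The default pfSense LAN rule the reply refers to ("allow all"):
#    anything sourced from the LAN subnet may reach any destination,
#    which includes the hosts behind the OPT1/WAN bridge.
pass in quick on rl2 from rl2:network to any keep state

# 2) Finer-grained replacement. Rules are evaluated top to bottom and
#    "quick" stops at the first match, so order matters:
#    a) allow only the DMZ services the LAN actually needs (placeholder ports),
#    b) log and drop everything else from LAN to the DMZ hosts,
#    c) keep general outbound access for the LAN.
pass in quick on rl2 proto tcp from rl2:network to <dmz_hosts> port { 80, 443 } keep state
block in log quick on rl2 from rl2:network to <dmz_hosts>
pass in quick on rl2 from rl2:network to any keep state
```

In the pfSense GUI the same three rules are created on the LAN tab in that order, with the original "Default allow LAN to any" rule left at the bottom; the `log` flag on the block rule makes unexpected LAN-to-DMZ attempts visible in the firewall log, which is the check to run after changing the rule set to confirm the bridge behaviour described in the post.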
