On Sat, Apr 18, 2015 at 11:49:28AM +0200, Johan Hendriks wrote:
> On Saturday 18 April 2015, Bob McClure Jr <[email protected]> wrote:
>
> > I am a pfsense newbie. After my homebrew firewall crashed, a
> > colleague recommended pfsense, so I went for it. I'm running the
> > latest update of pfsense.
> >
> > I have a pretty basic three-piece setup -- WAN, LAN, and OPT1 which is
> > my DMZ for a web, mail, and DNS server. I have set up the NAT rules
> > for all the stuff from the WAN to get to OPT1. I learned much later
> > than I should have that, by default, LAN can get to anything on WAN
> > and OPT1, and OPT1 can get to anything on WAN. That is correct, isn't
> > it?
> >
> > The problem is that when I go from my workstation on the LAN to our
> > web server on OPT1, I am forced from an HTTP connection to HTTPS.
> > I've done a bunch of web searching and docs perusing, but I can't
> > figure out how to fix that. Everything else seems to be working
> > fine, including outside connections to the web server.
> >
> > Any clues for me?
> >
> > Cheers,
> > --
> > Bob McClure, Jr.
>
> You need to punch some holes from the lan to the dmz and from the dmz to
> the lan.
> You can be very specific about that.

As I mentioned above, based on my searching of the Net, NAT can get to
OPT1 (my DMZ) by default, and that is true for all other services.

> Like dmz may go to IP address of workstation and nothing else. You can set it
> as tight as you want.

As I understand it, OPT1 (DMZ) cannot initiate a connection to the
LAN, and that's as it should be.

> And maybe you need a split dns setup to tell the workstation that if it
> needs to go to www.yoursite.com that it needs to go to the internal dmz
> IP address.

I'll have a look at that.

> Regards.

Cheers,
--
Bob McClure, Jr.
Bobcat Open Systems, Inc.
[email protected]
http://www.bobcatos.com
Make every effort to live in peace with all men and to be holy;
without holiness no one will see the Lord. Hebrews 12:14 NIV
