joseph blase wrote:
Now all traffic I allowed from LAN to DMZ is working, and vice versa, as well as {LAN,DMZ} going out through the WAN interface. The issue now is that users from outside (Internet users) are not able to access the services/ports that I serve on my DMZ server. I created a firewall rule on WAN to allow traffic from any to DMZ Subnet to specific ports, to no avail. Is there anything that needs to be done?

If you are sure the filter rule on the WAN is OK, you may have one (or
both) of these two problems:

- you have not enabled 'advanced outbound NAT'. Now probably the packets
 from the DMZ hosts are being NAT-ed, and this is why connections
initiated by the DMZ hosts can reach the Internet, but not vice-versa.

- wrong routing on the upstream router (doesn't forward packets for
207.230.228.X/24 to your pfSense)

Logging in to your pfSense with SSH and comparing the output of the
following commands during your tests:

      tcpdump -i <name_of_WAN_interface>
      tcpdump -i <name_of_DMZ_interface>

might be enlightening.

Angelo.
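
One way to read the two captures side by side, as an added example that is not part of the message above: it parses `tcpdump -n` text output from both interfaces and reports where inbound traffic stops and whether DMZ-initiated connections leave the WAN under a translated source address. The host 207.230.228.10, the 207.230.228.0/24 prefix, port 80, the other addresses and the sample capture lines are all constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Address part of a `tcpdump -n` IPv4 line: "IP src.sport > dst.dport:"
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed sample captures (not real traffic), one per interface.
WAN_SAMPLE = """\
12:00:01.100000 IP 198.51.100.7.51000 > 207.230.228.10.80: Flags [S], seq 1, win 65535, length 0
12:00:05.200000 IP 192.0.2.2.40211 > 203.0.113.5.443: Flags [S], seq 2, win 65535, length 0
"""
DMZ_SAMPLE = """\
12:00:01.101000 IP 198.51.100.7.51000 > 207.230.228.10.80: Flags [S], seq 1, win 65535, length 0
12:00:05.199000 IP 207.230.228.10.33000 > 203.0.113.5.443: Flags [S], seq 2, win 65535, length 0
"""

def flows(capture):
    """Return the (src, dst, dport) tuples seen in `tcpdump -n` text output."""
    hits = (LINE.search(l) for l in capture.splitlines())
    return {(m[1], m[3], int(m[4])) for m in hits if m}

def diagnose(wan, dmz, dmz_net, server, port):
    """Compare both captures and name the hop where traffic stops or changes."""
    wan_f, dmz_f, net = flows(wan), flows(dmz), ip_network(dmz_net)
    inbound = lambda f: any(d == server and p == port for _, d, p in f)
    if not inbound(wan_f):
        findings = ["inbound never reaches WAN: check upstream routing"]
    elif not inbound(dmz_f):
        findings = ["inbound seen on WAN but not DMZ: check WAN filter rule"]
    else:
        findings = ["inbound is forwarded to the DMZ"]
    # A flow leaving the DMZ that shows up on WAN only under another source
    # address has been rewritten by outbound NAT.
    for src, dst, dport in sorted(dmz_f):
        if ip_address(src) in net and ip_address(dst) not in net:
            on_wan = {s for s, d, p in wan_f if d == dst and p == dport}
            if on_wan and src not in on_wan:
                findings.append(f"{src} leaves WAN as {sorted(on_wan)[0]}: "
                                "outbound NAT is translating DMZ hosts")
    return findings

if __name__ == "__main__":
    for finding in diagnose(WAN_SAMPLE, DMZ_SAMPLE,
                            "207.230.228.0/24", "207.230.228.10", 80):
        print(finding)
```
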

