Hello to all.

I am trying to use pfsense to create a firewall box according to the following figure

            |----------LAN
            |
WAN------pfsense------WIFI(opt1)
            |
            |----------DMZ(opt2) - bridged to WAN

WAN interface has a public IP address.
Clients in LAN subnet have private IP addresses 192.168.1.xxx.
Clients in WIFI subnet have private IP addresses 10.0.0.xxx.
Servers in DMZ zone have public addresses.

I have bridged DMZ interface to the WAN interface. I have also enabled filtering bridging. I have hooked up a server in DMZ zone in order to check that everything works fine.

Traffic from WAN to DMZ is by default blocked. I can permit certain kinds of traffic to certain servers with allow rules on the firewall rules (WAN tab). Traffic from LAN to DMZ is by default blocked. I can permit certain kinds of traffic to certain servers with allow rules on the firewall rules (LAN tab).

The problem appears on the WIFI interface. It works the same way as the others for most of the protocols but there is a strange problem with HTTP traffic.

I use a rule BLOCK everything that has destination IP xxx.xxx.xxx.198 (the IP of the server).

While PING or SSH is blocked and I can see them on the logs, when I try to access a webpage on a web server on the xxx.xxx.xxx.198 server the traffic is not being blocked, and when I go to states I see this strange state:

tcp 127.0.0.1:80 <- 195.251.108.198:80 <- 10.0.0.210:49531 ESTABLISHED:ESTABLISHED

I cannot explain this. I guess it has something to do with WIFI being an optional interface??

Please help me, I have tried almost everything with no results.


--

Georgios Spathoulas
Computer Systems Administrator

University of Central Greece
Papasiopoulou 2-4 Lamia 35100
Greece

Tel. 00302231066926
Fax. 00302231066939

