Can’t Access Bridged DMZ IPs from NATed LAN – Troubleshooting

Tags: bridge, nat, pfsense

I've configured my pfSense router with two WANs bridged to a DMZ (OPT2). Accessing the web servers from outside works fine, using the public IPs assigned directly to the servers behind the DMZ.

The setup is pretty much the same as: http://doc.m0n0.ch/handbook/examples-filtered-bridge.html

The only problem is that I can't access these web servers from behind the LAN (which is NATed), exactly as described in the FAQ for the same example: http://doc.m0n0.ch/handbook/faq-bridge.html

I was thinking about having two routers (one bridging and one NATing), which would be possible because I have 8 IPs for each WAN. But this is not very interesting; is there any other workaround?

Best Answer

Finally, by trial and error, I've found a solution. I don't know if this is the state-of-the-art solution, but it is working perfectly.

1 Create a new Gateway

  • System > Routing > Gateways
  • Add Gateway
  • Select the interface that is your DMZ
  • Give it a name and leave the IP address empty (dynamic)

2 Create Firewall Rules

  • Firewall > Rules > LAN
  • Create a rule before the default LAN rule with source: any, destination: single host with the bridged IP, and under the advanced features set the gateway to the gateway you created.

I've created a rule for each bridged IP, since I don't bridge all the IPs.
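As an added illustration, not part of the original answer and not pfSense's own generated ruleset, here is what the two GUI steps above amount to in hand-written pf.conf syntax. The interface names and addresses are assumptions: em1 is the NATed LAN (192.168.1.0/24), em2 is the DMZ side of the bridge, and 203.0.113.10 and 203.0.113.11 stand in for two of the bridged public IPs on the DMZ hosts.

```pf
# Added illustration (not from the original answer or from pfSense):
# the GUI steps expressed as plain pf rules.
# Assumed names: em1 = LAN (192.168.1.0/24, NATed), em2 = DMZ side of the
# bridge, 203.0.113.10 / 203.0.113.11 = bridged public IPs on DMZ hosts.
lan_if  = "em1"
dmz_if  = "em2"
lan_net = "192.168.1.0/24"
bridged = "{ 203.0.113.10, 203.0.113.11 }"

# Step 1 (a gateway on the DMZ interface with no address) is the
# "( em2 )" route-to target: the packet is handed straight out of the
# DMZ interface instead of following the routing table towards WAN.
# Step 2 (LAN rule placed before the default allow, "quick" here):
# only traffic to the bridged IPs is policy-routed; everything else
# falls through to the default LAN rule below.
pass in quick on $lan_if route-to ( $dmz_if ) inet \
    from $lan_net to $bridged keep state

# Default LAN rule, which the policy-routing rule must precede.
pass in on $lan_if inet from $lan_net to any keep state
```

Two things worth keeping in mind with this approach: the bridge does no NAT, so the DMZ servers will see the LAN hosts' private addresses as the source, and their firewall or logging must tolerate that; and the destination should stay limited to the bridged IPs (as the answer does, one rule per IP), so that ordinary LAN-to-Internet traffic is not pushed out of the DMZ interface by mistake.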