Yes, they are. I couldn't do this with my old firewall either. It's basically a classic DMZ, at least the way I always thought they should work. Took me a bit to figure out what I was doing with this, but my bridge method works great.
Private | Public IP Space | IP Space | LAN <-|-----X---> WAN | | | V | DMZ | I started out just using 1:1 NAT for my public access hosts, but chose this route after realizing I would end up with a kludged Citrix installation. My poster boy, the Citrix server, currently sits in both the DMZ and LAN, but only accepts inbound ICA connections via the DMZ-connected interface, which saves me from having to fiddle with "alt_addr" and having different firewall settings on my clients depending on their location. (I have Citrix users both inside and outside the protected network, many who can't use VPNs.) Ted Crow MCP/W2K Information Technology Manager Tuttle Services, Inc. (419) 228-6262 x 247 -----Original Message----- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, August 15, 2005 11:11 AM To: Ted Crow Cc: support@pfsense.com Subject: Re: [pfSense Support] DMZ bridges with WAN Cool! And your LAN hosts are behind NAT? On 8/15/05, Ted Crow <[EMAIL PROTECTED]> wrote: > I currently have my WAN and an OPT interface bridged, rules then > govern traffic originating from both the LAN and WAN interfaces. > Servers connected to the OPT interface use addresses from our public IP block. > > I have had no trouble whatsoever with this config running pfSense > 65.3->70.4 in a production environment. In my setup, servers on this > DMZ can be accessed from both the LAN and WAN. > > Ted Crow > MCP/W2K > Information Technology Manager > Tuttle Services, Inc. > (419) 228-6262 x 247 > -----Original Message----- > From: Chris Buechler [mailto:[EMAIL PROTECTED] > Sent: Monday, August 15, 2005 10:10 AM > Cc: support@pfsense.com > Subject: Re: [pfSense Support] DMZ bridges with WAN > > On 8/15/05, Heiko Weber <[EMAIL PROTECTED]> wrote: > > Hi All, > > > > for now I use a m0n0wall as Firewall, but I have the problem that I > > want to use official IP Addresses in the DMZ. For that I had to > > bridge > > > the DMZ with WAN. If I do this there is no traffic posible between > > LAN > and DMZ. > > My question: Does this work with pfsense or had I the same problem? > > > > we don't yet know, as we haven't had a chance to test that yet. Try > it and let us know. > > -cmb > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]