Yes, they are.  I couldn't do this with my old firewall either.  It's
basically a classic DMZ, at least the way I always thought they should
work.  Took me a bit to figure out what I was doing with this, but my
bridge method works great.

Private   | Public
IP Space  | IP Space
          |
    LAN <-|-----X---> WAN
          |     |
          |     V
          |    DMZ
          |

I started out just using 1:1 NAT for my public access hosts, but chose
this route after realizing I would end up with a kludged Citrix
installation.  My poster boy, the Citrix server, currently sits in both
the DMZ and LAN, but only accepts inbound ICA connections via the
DMZ-connected interface, which saves me from having to fiddle with
"alt_addr" and having different firewall settings on my clients
depending on their location.  (I have Citrix users both inside and
outside the protected network, many of whom can't use VPNs.)

Ted Crow
MCP/W2K
Information Technology Manager
Tuttle Services, Inc.
(419) 228-6262 x 247
-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 15, 2005 11:11 AM
To: Ted Crow
Cc: support@pfsense.com
Subject: Re: [pfSense Support] DMZ bridges with WAN

Cool!  And your LAN hosts are behind NAT?  


On 8/15/05, Ted Crow <[EMAIL PROTECTED]> wrote:
> I currently have my WAN and an OPT interface bridged, rules then 
> govern traffic originating from both the LAN and WAN interfaces.  
> Servers connected to the OPT interface use addresses from our public
> IP block.
> 
> I have had no trouble whatsoever with this config running pfSense
> 65.3->70.4 in a production environment.  In my setup, servers on this 
> DMZ can be accessed from both the LAN and WAN.
> 
> Ted Crow
> MCP/W2K
> Information Technology Manager
> Tuttle Services, Inc.
> (419) 228-6262 x 247
> -----Original Message-----
> From: Chris Buechler [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 15, 2005 10:10 AM
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] DMZ bridges with WAN
> 
> On 8/15/05, Heiko Weber <[EMAIL PROTECTED]> wrote:
> > Hi All,
> >
> > For now I use a m0n0wall as Firewall, but I have the problem that I
> > want to use official IP Addresses in the DMZ. For that I had to
> > bridge the DMZ with WAN. If I do this there is no traffic possible
> > between LAN and DMZ.
> > My question: Does this work with pfsense or would I have the same
> > problem?
> >
> 
> we don't yet know, as we haven't had a chance to test that yet.  Try 
> it and let us know.
> 
> -cmb
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
