On Wed, Aug 20, 2008 at 11:56 AM, Aliet Santiesteban Sifontes <[EMAIL PROTECTED]> wrote: > Found part of the problem, I installed a clean pfsense, and setup > again the three interfaces. > WAN-->> Connected to our isp trought a /30 private newtork > OP1-DMZ-->> With the public range address assigned by our isp > LAN-> Private segent. > > Nothing configured, I mean, nat, bridge etc. > Added to simple rules, one to allow any from Lan in Lan interface, and > one to allow any from dmz interface. > > with this setup hosts on the dmz segment can't reach the outside > world, this hosts are configured with public network addresses, >
You have to use Advanced Outbound NAT to use public IPs on an internal network. Adding a gateway to this DMZ interface, unless it has an Internet connection and will be used as an additional WAN, is wrong. It disables the NAT configuration since it thinks it's a WAN interface, but that's wrong, you need to remove that and properly setup AON. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]