fireweed
Active member
Hello all. I'm trying to set up a pfsense firewall with an exchange server in the LAN and a DMZ and I'm running into so many stupid problems. I was hoping someone could take a look at what I'm trying and let me know what I'm doing wrong? It seems like the rules that should work don't and the ones that shouldn't work do. I've spent far too long on this already...
The setup (this cannot be changed, this is just the way it needs to be)
pfsense has three interfaces:
1) WAN. nothing configured on it. default default default.
2) LAN. Contains DC, DNS, Exchange server, some clients.
3) DMZ/OPT1. Contains just an Edge server so far. DG is set to the right interface on the FW and DNS is 8.8.8.8. Eventually this server will be edge exchange but that's later.
I just need to get three things to happen:
1) LAN can access WAN. This works somehow? It didn't and then it did. Magic.
2) Allow traffic from the LAN to the DMZ (tested by ping and tracert from the exchange server to the edge server) but the edge server cannot ping the exchange server. At a later point I'll open up some ports so I can do various mail things from the DMZ.
3) Allow all traffic from the DMZ to the WAN
For LAN to DMZ, I am not having any luck with it via pfsense. The only way I can ping the edge server from the exchange server is by enabling the file and printer sharing ICMPv4-In rule on the edge server. I want to be able to do this via pfsense if possible though...
For DMZ I have this rule. With it I can ping the WAN DG, but nothing else. If I set the rule to be destination all, I can access the internet but the LAN as well.
I should mention that these are all running on VMware Workstation with a setup that allows for 3 virtual NICs.
I've spent hours a day on this the last few days, making rules and pinging servers and I'm starting to get majorly discouraged. I just need to get these 3 things working well and then I can start configuring the edge role.
Any advice would be much appreciated. Thanks.
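An added example, not from the post or from pfSense itself: a small Python model of pfSense's first-match, stateful rule evaluation on the three interfaces described, with constructed addresses for the LAN and DMZ. It shows why a DMZ pass rule with destination "any" also reaches the LAN, and that a block rule for the LAN net placed above it (or a single pass rule with the LAN net inverted) gives DMZ-to-WAN only, while LAN-to-DMZ pings still get their echo replies back through the state table.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the three pfSense interfaces described in the post.
NETS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
        "DMZ": ipaddress.ip_network("192.168.2.0/24")}

@dataclass
class Rule:
    iface: str   # interface the packet ENTERS pfSense on; rules are evaluated there
    action: str  # "pass" or "block"
    dst: str     # "any", a net name such as "LAN", or "!LAN" (pfSense "Invert match")

def dst_matches(rule_dst, ip):
    if rule_dst == "any":
        return True
    invert = rule_dst.startswith("!")
    return (ip in NETS[rule_dst.lstrip("!")]) != invert

def ingress_iface(ip):
    return next((n for n, net in NETS.items() if ip in net), "WAN")

def evaluate(rules, src, dst, states):
    """First match wins; a reply to a flow already passed is allowed by state
    before any rule is consulted, which is why a LAN->DMZ ping gets its echo
    reply back even when nothing lets the DMZ initiate traffic to the LAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if (dst, src) in states:
        return "pass"
    for r in rules:
        if r.iface == ingress_iface(src) and dst_matches(r.dst, dst):
            if r.action == "pass":
                states.add((src, dst))
            return r.action
    return "block"  # pfSense default: anything not explicitly passed is dropped

def outcomes(rules):
    exch, edge, internet = "192.168.1.20", "192.168.2.10", "8.8.8.8"
    states = set()
    return {"lan_to_dmz": evaluate(rules, exch, edge, states),
            "dmz_reply_to_lan": evaluate(rules, edge, exch, states),  # uses the state above
            "dmz_new_to_lan": evaluate(rules, edge, exch, set()),     # fresh flow, no state
            "dmz_to_wan": evaluate(rules, edge, internet, set())}

# "Destination any" on the DMZ interface: the behaviour in the post, the DMZ reaches the LAN too.
LEAKY = [Rule("LAN", "pass", "any"), Rule("DMZ", "pass", "any")]
# Fix: block LAN net above the pass-any, or pass only to "!LAN" (invert match); same result.
FIXED = [Rule("LAN", "pass", "any"), Rule("DMZ", "block", "LAN"), Rule("DMZ", "pass", "any")]
INVERTED = [Rule("LAN", "pass", "any"), Rule("DMZ", "pass", "!LAN")]
```

The edge server's own Windows firewall is a separate layer: if it drops ICMPv4-In, the LAN ping fails regardless of what pfSense passes, which matches the symptom in the post.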