Topics - Spectre5

#1
How-to Discussions / Clarification on Basic DMZ How-to
November 25, 2021, 02:46:29 PM
I've read through the Basic DMZ article here:
https://homenetworkguy.com/how-to/create-basic-dmz-network-opnsense/

I have a question on the firewall rule in the section "Allow access to DMZ network interface". It indicates that "...this rule is necessary because of the next firewall rule below that blocks all private networks. Without it, the network would not have Internet access since the interface/gateway IP address would be blocked." However, I don't understand why this is true (that the internet wouldn't work without this rule).

In a previous rule the DNS is already allowed, so the DMZ can resolve URLs to IP addresses. Then the clients would request that IP address, which is not a private address and would then fall into rule 5, "Allow access to all other traffic".

If you don't care about pinging the router or accessing the router from the DMZ, then what traffic would this "allow access to the DMZ network interface" be necessary for? As far as I can tell, you can access the internet without it.

I've disabled this rule and my DMZ can still access websites just fine (although my network topology and rules are not all identical to this article).  Am I missing something?
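
An added example, not part of the original post or the linked article: a first-match evaluation of the rule order the post describes, run with and without the "Allow access to DMZ network interface" rule, to show which destinations the rule actually affects. The subnet, the addresses, and the assumption that the DNS rule targets the DMZ interface address on UDP 53 are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption): DMZ is 192.168.30.0/24, firewall interface at .1
DMZ_GW = "192.168.30.1/32"
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def build_rules(include_interface_rule):
    # (action, protocol, destination networks, destination port, label); None = any
    rules = [("pass", "udp", [DMZ_GW], 53, "allow DNS to DMZ address")]  # assumed target
    if include_interface_rule:
        rules.append(("pass", None, [DMZ_GW], None, "allow DMZ interface"))
    rules.append(("block", None, RFC1918, None, "block private networks"))
    rules.append(("pass", None, ["0.0.0.0/0"], None, "allow all other traffic"))
    return rules

def evaluate(rules, proto, dst_ip, dst_port=None):
    """First-match evaluation; returns (action, label). Default deny if nothing matches."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, nets, r_port, label in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        if any(dst in ipaddress.ip_network(n) for n in nets):
            return action, label
    return "block", "default deny"

# Constructed sample packets sent by a DMZ host
PACKETS = [
    ("udp", "192.168.30.1", 53),     # DNS query to the firewall
    ("tcp", "203.0.113.10", 443),    # HTTPS to a public address; the gateway is only the next hop
    ("icmp", "192.168.30.1", None),  # ping the gateway itself
    ("tcp", "192.168.30.1", 443),    # firewall web GUI on the DMZ address
    ("tcp", "192.168.10.20", 445),   # host on another internal network
]

def compare():
    """Return {packet: (verdict with interface rule, verdict without it)}."""
    with_rule, without = build_rules(True), build_rules(False)
    return {p: (evaluate(with_rule, *p)[0], evaluate(without, *p)[0]) for p in PACKETS}

if __name__ == "__main__":
    for pkt, (a, b) in compare().items():
        print(f"{pkt!s:38} with rule: {a:5}  without: {b}")
```

In this model the destination address of routed traffic is the remote host, not the gateway, so only packets addressed to the interface itself change verdict when the rule is removed.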