Op zaterdag 18 april 2015 heeft Bob McClure Jr <[email protected]> het volgende geschreven:
> I am a pfsense newbie. After my homebrew firewall crashed, a > colleague recommended pfsense, so I went for it. I'm running the > latest update of pfsense. > > I have a pretty basic three-piece setup -- WAN, LAN, and OPT1 which is > my DMZ for a web, mail, and DNS server. I have set up the NAT rules > for all the stuff from the WAN to get to OPT1. I learned much later > than I should have that, by default, LAN can get to anything on WAN > and OPT1, and OPT1 can get to anything on WAN. That is correct, isn't > it? > > The problem is that when I go from my workstation on the LAN to our > web server on OPT1, I am forced from an HTTP connection to HTTPS. > I've done a bunch of web searching and docs perusing, but I can't > figure out how to fix that. Everything else seems to be working > fine, including outside connections to the web server. > > Any clues for me? > > Cheers, > -- > Bob McClure, Jr. Bobcat Open Systems, Inc. > [email protected] <javascript:;> http://www.bobcatos.com > Who shall separate us from the love of Christ? Shall trouble or > hardship or persecution or famine or nakedness or danger or sword? > ... I am convinced that neither death nor life, neither angels nor > demons, neither the present nor the future, nor any powers, neither > height nor depth, nor anything else in all creation, will be able to > separate us from the love of God that is in Christ Jesus our Lord. > Romans 8:35,38-39 NIV > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > You need to punch some holes from the lan to the dmz and from the dmz to the lan. You can be very specific about that. Like dmz may go to ipadres af workstation and nothing else. You can set it as tight as you want. And maybe you need a split dns setup to tell the wokstation that if it needs to go to www.yoursite.com that it needs to go to the internal dmz ipadres. Regards. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
