> am I missing something obvious? Would I need to possibly restart the
> server itself or any switches?
You're hitting the default deny rule on the DMZ interface. Rules on all interfaces are processed as 'inbound' to that interface - so return traffic from an HTTP request would be sourced from :80 with a destination of * (random source port the client OS picked). You have a rule which allows traffic from any port TO :80, so you're blocking your server's replies.

The easiest thing would be to create a rule which allows all traffic sourced from your DMZ subnet on the DMZ interface, since that's your outbound. That gives you a typical "default deny in, default allow out" behavior.

Also - go to Status->System Logs->Firewall. If you have 'log packets blocked by the default deny rule', you'll get useful feedback about what's getting blocked and why. Alternatively, you can create a deny rule at the bottom of your interface's rules with the 'log' flag on, and get the blocked packets that way.

Nathan Eisenberg

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
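The rule layout the reply describes, written out as a plain pf ruleset (pfSense generates pf rules under the hood). This is an added illustration, not part of Nathan's message or of any pfSense configuration on the list; the interface names, the subnet and the server address are assumptions chosen for the example.

```pf
# Assumed names for the example (not from the original post):
wan_if  = "em0"
dmz_if  = "em2"
dmz_net = "192.168.50.0/24"
web_srv = "192.168.50.10"

# Default deny with logging. Because this rule has no "quick", later
# matching "pass" rules override it; anything no pass rule catches is
# dropped and logged, which is what shows up in the firewall log.
block log all

# The rule the poster already had: reach the web server on :80.
# pf evaluates it as inbound on the interface the packet arrives on,
# here the WAN side. Return packets (sourced from :80) never match it.
pass in quick on $wan_if proto tcp from any to $web_srv port 80 keep state

# The missing piece from the reply: traffic the DMZ host originates
# arrives *inbound* on the DMZ interface, so it needs its own pass rule.
# This is the "default deny in, default allow out" shape for the DMZ.
pass in quick on $dmz_if from $dmz_net to any keep state

# Alternative to the global logging option: an explicit, logged deny
# at the bottom of the DMZ interface's rules.
block log quick on $dmz_if all
```

With `pfctl -nf /etc/pf.conf` you can syntax-check a ruleset like this before loading it; on a pfSense box the same rules are expressed through the Firewall -> Rules page per interface, and the "log" checkbox on a rule corresponds to the `log` keyword above.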
