Hi Nathan,

>> am I missing something obvious? Would I need to possibly restart the
>> server itself or any switches?
>
> You're hitting the default deny rule on the DMZ interface. Rules on all
> interfaces are processed as 'inbound' to that interface - so return traffic
> from an HTTP request would be sourced from :80 with a destination of *
> (random source port the client OS picked). You have a rule which allows
> traffic from any port TO :80, so you're blocking your server's replies.
>
> The easiest thing would be to create a rule which allows all traffic sourced
> from your DMZ subnet on the DMZ interface, since that's your outbound. That
> gives you a typical "default deny in, default allow out" behavior.

I restarted the pfSense box and noticed that when it rebooted it had:

WAN (wan)  --> em1 --> 75.xx.xx.28
LAN (lan)  --> em3 --> 172.16.254.1
DMZ (opt1) --> em2 --> NONE

That is correct, right, since my servers in 75.xx.xx.xx are on the DMZ? Do I have to do anything to tell pfSense it should answer for my IPs? I recall when I ran untangle I had to tell it what IPs to "answer" for.

Here is the only rule I have on DMZ, http://6colors.net/dmz.png but I still cannot reach the server on port 80 coming from LAN or even if I RDC to the outside someplace and come in via a browser.

-Jason
