On 2012-02-08 22:32, Jason T. Slack-Moehrle wrote:
Hi Nathan,
am I missing something obvious? Would I need to possibly restart the
server itself or any switches?
You're hitting the default deny rule on the DMZ interface. Rules on all
interfaces are processed as 'inbound' to that interface - so return traffic
from an HTTP request would be sourced from :80 with a destination of * (random
source port the client OS picked). You have a rule which allows traffic from
any port TO :80, so you're blocking your server's replies.
The easiest thing would be to create a rule which allows all traffic sourced from your
DMZ subnet on the DMZ interface, since that's your outbound. That gives you a typical
"default deny in, default allow out" behavior.
I restarted the pfSense box and noticed that when it rebooted it had:
WAN (wan) --> em1 --> 75.xx.xx.28
LAN (lan) --> em3 --> 172.16.254.1
DMZ (opt1) --> em2 --> NONE
That is correct, right, since my servers in 75.xx.xx.xx are on the
DMZ? Do I have to do anything to tell pfSense it should answer for my
IPs? I recall when I ran Untangle I had to tell it what IPs to
"answer" for.
If you don't have an IP address for opt1 (DMZ), that would mean that
you're bridging with WAN? I think you should be routing instead, but I
don't know exactly your goals.
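To make the "rules are processed inbound to each interface" point concrete, here is a small Python model of that evaluation, written as an added illustration for this thread; it is not pfSense code and nothing in it comes from the original posts. It assumes first-match semantics on the interface where a packet enters the firewall, default deny when nothing matches, and uses constructed RFC 5737 documentation addresses in place of the poster's 75.xx.xx.xx range. It shows the web server's reply being dropped by default deny on the DMZ interface under the poster's rules, and passing once a "pass anything sourced from the DMZ subnet" rule is added on DMZ. As a side effect, scoping that egress rule to the DMZ subnet (rather than "any") also drops DMZ-side packets with a source address outside the subnet, which is a useful anti-spoofing property.

```python
"""Toy model of per-interface, inbound-only firewall rule evaluation.

Added illustration, not pfSense code. Assumptions: rules are evaluated
first-match on the interface where the packet enters the firewall, and
an unmatched packet hits the default deny. Addresses are constructed
(RFC 5737 documentation ranges), not the poster's 75.xx.xx.xx.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

DMZ_NET = "203.0.113.0/24"   # constructed public DMZ subnet
SERVER = "203.0.113.28"      # constructed web server in the DMZ
CLIENT = "198.51.100.7"      # constructed Internet client


@dataclass(frozen=True)
class Packet:
    iface: str   # interface on which the firewall sees the packet arrive
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str             # rule applies only to packets entering this interface
    action: str            # "pass" or "block"
    src_net: str           # CIDR or "any"
    dst_net: str           # CIDR or "any"
    dport: Optional[int]   # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if pkt.iface != self.iface:
            return False
        if self.src_net != "any" and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.dst_net != "any" and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        return self.dport is None or pkt.dport == self.dport


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule on the ingress interface wins; no match means default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"   # the implicit default deny on every interface


# The poster's situation: the only rules anywhere allow traffic TO port 80.
BROKEN_RULES = [
    Rule("WAN", "pass", "any", DMZ_NET, 80),   # Internet -> web server
    Rule("DMZ", "pass", "any", "any", 80),     # the same "any -> :80" idea on the DMZ side
]

# The suggested fix: allow everything sourced from the DMZ subnet, on the DMZ interface.
FIXED_RULES = BROKEN_RULES + [
    Rule("DMZ", "pass", DMZ_NET, "any", None),
]

# The request enters on WAN; the server's reply enters on DMZ, sourced from :80
# and destined for whatever random port the client OS picked.
REQUEST = Packet("WAN", CLIENT, SERVER, 51514, 80)
REPLY = Packet("DMZ", SERVER, CLIENT, 80, 51514)


def classify(rules: List[Rule]) -> Dict[str, str]:
    """Verdict for the inbound request and for the server's reply under a rule set."""
    return {"request": evaluate(rules, REQUEST), "reply": evaluate(rules, REPLY)}


if __name__ == "__main__":
    for label, rules in (("before", BROKEN_RULES), ("after", FIXED_RULES)):
        print(label, classify(rules))
```

Running it prints the request passing in both cases and the reply going from `block` to `pass` once the DMZ-sourced rule is present, which is exactly the "default deny in, default allow out" shape described above.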
_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list