On Thu, Mar 22, 2012 at 1:02 AM, David Burgess <[email protected]> wrote:
> I hate to resurrect an old thread, but this was never resolved for me, and
> the workaround that I was using is no longer valid due to a change in the
> situation.
>
> The old thread is here:
> http://www.mail-archive.com/[email protected]/msg00260.html, but just
> to quickly recap, I have a web server that sits on the WAN side of a pfsense
> box and a workstation that sits on the LAN side. The web server is running
> an ssh server and a wordpress site. The web server and pfsense's WAN both
> have public IP addresses on the same subnet, while pfsense's LAN and the
> workstation are on a private subnet, with pfsense performing LAN>WAN
> outbound NAT.
That's not the same scenario you described in the previous thread, unless it's just not explained as thoroughly. Jim's suggestion is almost certainly the resolution for that one; you have asymmetrically routed traffic in that scenario, which you cannot statefully filter, and eventually the TCP connection will be dropped.

> One other user emailed me privately wondering if I had a solution, so I know
> it's not just me.

Lots of people have screwy routing and try to statefully filter traffic; it can't be done (on any firewall generally, though with sloppy state and TCP flags options in 2.x you can work around it in ways other than simply passing the traffic without filtering, albeit leaving yourself open to some potential TCP spoofing).
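The asymmetric-routing problem described in the reply above, as an added toy model: this is not code from the thread or from pfSense/pf, and the two trackers, the addresses and the packet traces are constructed assumptions. It contrasts a strict tracker (state created only on a bare SYN, handshake must be seen in both directions, roughly what default "flags S/SA" with full state tracking expects) with a "sloppy, flags any" tracker that creates state on any packet, and shows both the connection the strict tracker loses when the reply path bypasses the firewall and the unsolicited packet the sloppy tracker lets through.

```python
"""Toy model of a stateful TCP filter under asymmetric routing.

Constructed example (not pf or pfSense code). A strict tracker only creates
state on a bare SYN and refuses later packets until it has seen the SYN-ACK;
a sloppy tracker creates state on any packet and keeps no handshake
bookkeeping. The packet traces are constructed, not captured.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str                      # "S", "SA", "A", "PA" ...
    seen_by_firewall: bool = True   # False: this hop bypasses the firewall


def flow_key(pkt):
    # Direction-independent key so both halves of a flow share one state.
    return tuple(sorted((pkt.src, pkt.dst)))


class StrictTracker:
    """State only on a bare SYN; the SYN-ACK must be seen before anything
    else in the flow is accepted (models default full state tracking)."""

    def __init__(self):
        self.states = {}            # flow key -> "SYN_SENT" | "ESTABLISHED"

    def decide(self, pkt):
        key = flow_key(pkt)
        state = self.states.get(key)
        if state is None:
            if pkt.flags == "S":
                self.states[key] = "SYN_SENT"
                return "pass"
            return "drop"           # no state and not a SYN: blocked
        if state == "SYN_SENT":
            if pkt.flags == "SA":
                self.states[key] = "ESTABLISHED"
                return "pass"
            return "drop"           # handshake never completed from our view
        return "pass"


class SloppyTracker:
    """Models 'sloppy' state with TCP flags 'any': any packet creates state
    and nothing about the handshake is checked."""

    def __init__(self):
        self.states = set()

    def decide(self, pkt):
        self.states.add(flow_key(pkt))
        return "pass"


def filter_trace(tracker, trace):
    """Run a trace through a tracker; packets on the bypass path are marked
    'bypass' and never update the tracker, which is the whole problem."""
    decisions = []
    for pkt in trace:
        if not pkt.seen_by_firewall:
            decisions.append("bypass")
        else:
            decisions.append(tracker.decide(pkt))
    return decisions


# Constructed addresses (documentation ranges), not the poster's hosts.
CLIENT, SERVER, STRANGER = "10.0.0.5", "203.0.113.10", "198.51.100.77"

# Constructed asymmetric handshake: the server's reply skips the firewall.
ASYMMETRIC_TRACE = [
    Packet(CLIENT, SERVER, "S"),
    Packet(SERVER, CLIENT, "SA", seen_by_firewall=False),
    Packet(CLIENT, SERVER, "A"),
    Packet(CLIENT, SERVER, "PA"),   # first HTTP request segment
]

# Constructed out-of-the-blue segment with no handshake behind it.
UNSOLICITED_TRACE = [Packet(STRANGER, CLIENT, "PA")]


def asymmetric_results():
    """Decisions for the asymmetric flow under both trackers."""
    return {
        "strict": filter_trace(StrictTracker(), ASYMMETRIC_TRACE),
        "sloppy": filter_trace(SloppyTracker(), ASYMMETRIC_TRACE),
    }


def unsolicited_results():
    """Decisions for a packet that never had a handshake, under both."""
    return {
        "strict": filter_trace(StrictTracker(), UNSOLICITED_TRACE),
        "sloppy": filter_trace(SloppyTracker(), UNSOLICITED_TRACE),
    }


if __name__ == "__main__":
    for name, fn in (("asymmetric route", asymmetric_results),
                     ("unsolicited packet", unsolicited_results)):
        print(name)
        for mode, decisions in fn().items():
            print(f"  {mode:6}: {decisions}")
```

The strict tracker passes the SYN, never sees the SYN-ACK, and then drops the client's ACK and data, which is the stalled connection the reply predicts; the sloppy tracker passes everything, including a segment from a host that never completed a handshake, which is the spoofing exposure the reply warns about.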
