Hi,

This was my thought as stated in my original post.  I thought I read something 
in the book about setting the gateway on the bridged machine to the pfsense box 
instead of the ISP gateway because the traffic from the bridged machine would 
not hit the state tables.

More investigation after business hours today is in order.

Thanks again,

----- "Seth Mos" <[email protected]> wrote:

> On 29 Dec 2009, at 21:03, Mark Street wrote:
> 
> > Hi,
> > 
> > I will do some more investigation... funny thing is I could not find
> > anything in the firewall logs on denying port 25.
> 
> What might be happening here is if the gateway on the bridged computer
> is not set correctly it can get confused and traffic will be dropped
> because it is not hitting the states.
> 
> That's normally more of an issue on normal routed and NAT configs
> though.
> 
> I recommend a dose of Chris.
> 
> Cheers,
> 
> Seth
> 
> > 
> > Thanks,
> > 
> > ----- "Chris Buechler" <[email protected]> wrote:
> > 
> >> On Tue, Dec 29, 2009 at 2:26 PM, Seth Mos <[email protected]> wrote:
> >>> On 29 Dec 2009, at 20:05, Mark Street wrote:
> >>> 
> >>> Hi,
> >>> 
> >>> I ran nmap from remote servers and sure enough port 25 is not accessible.  I
> >>> set rules on the WAN to allow SMTP to pass through to the external address
> >>> on OPT1 and still no pass.  Running netstat on the mail host shows port 25
> >>> to be "filtered".
> >>> 
> >>> Have you also added rules for allowing return traffic? Because that will be
> >>> originating from the opt1 to the internet.
> >>> Not entirely sure on bridges as I don't use them a lot (once actually). But
> >>> iirc you need to add firewall rules on the opt1 interface as well.
> >> 
> >> Only for traffic initiated outbound, bridges act the same as routed or
> >> NATed interfaces in that regard. Just need a rule on WAN to allow
> >> traffic in.
> >> 
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]
> >> 
> >> Commercial support available - https://portal.pfsense.org
> > 
> > -- 
> > Mark Street, D.C., RHCE
> > Chief Technology Officer
> > Alliance Medical Center
> > (707) 433-5494
> > 

-- 
Mark Street, D.C., RHCE
Chief Technology Officer
Alliance Medical Center
(707) 433-5494
