On 9/13/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
I removed all of the rules on my TUN0 interface, and it still let me get
anywhere on the LAN when connected remotely. :<
-Kyle
Holger Bauer wrote:
> We are trying to find out. So do what was suggested, delete all rules and reboot. If you still have full access on the openvpn interface it might be a bug or a limitation (which I can't say for sure right now).
>
> Holger
>
>
>>-----Original Message-----
>>From: Kyle Mott [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, September 13, 2006 10:09 PM
>>To: [email protected]
>>Subject: Re: [pfSense Support] OpenVPN Clients and FW ACL's
>>
>>
>>That's not an option. Rules are rules, and it should be blocking the
>>traffic. All of my other rules on other interfaces work as expected.
>>
>>Can someone tell me if this is a bug?
>>
>>
>>-Kyle
>>
>>Rob Terhaar wrote:
>>
>>>How about if you take all the rules out for the openvpn connection,
>>>reboot the system, and see what your firewall does then?
>>>
>>>
>>>
>>>On 9/12/06, *Kyle Mott* <[EMAIL PROTECTED]> wrote:
>>>
>>> I've attached a JPG. Even with that ACL, I can get to RDP on my main box
>>> on the LAN interface from any OVPN client. I followed the HowTo, but the
>>> HowTo says to leave everything open for testing. After I got done with
>>> testing, I removed the "generic" rules, and tried to only allow access
>>> to specific hosts/ports/protocols, which doesn't seem to be working as I
>>> would expect.
>>>
>>>
>>> -Kyle
>>>
>>> Rob Terhaar wrote:
>>> > Did you follow the howto on the wiki to get openvpn setup?
>>> > What does your firewall ruleset look like for your openvpn interface on
>>> > the pfsense?
>>> >
>>> > On 9/12/06, *Kyle Mott* <[EMAIL PROTECTED]> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I'm noticing that no matter what kind of block statements I put on my
>>> > LAN or TUN0 interface, my OpenVPN clients can always get to anything it
>>> > wants on the LAN interface (and vice versa). Is this normal behaviour? I
>>> > was hoping to have a bit more granular control over what clients can
>>> > access when they are connected. I'm running RC2.
>>> >
>>> >
>>> >
>>> > -Kyle
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> > For additional commands, e-mail: [EMAIL PROTECTED]
