Craig,

My clients are seeing the web server with no problems.

Port 80 is natted at [Firewall: NAT: Port Forward]:

If   Proto  Ext. port range  NAT IP                 Int. port range
WAN  TCP    80               192.168.101.2          80
                             (ext.: 192.168.51.2)


First rule at [Firewall: Rules WAN] is:

Proto Source Port Destination    Port Gateway
TCP   *      *    192.168.101.2  80   *  

Finally, port 80 is also natted at the ADSL Router.

The schema is:

Web Server --------------PfSense --------------------- ADSL Router
192.168.101.2/24         LAN 192.168.101.1/24
                         WAN 192.168.51.2/29           192.168.51.1/29    

In fact, I have other services running on this server that are available from 
the Internet: 443 (HTTPS) and 2022 (SSH). They are OK for internal & external 
users.

Blocking report is from [Diagnostics: System logs: Firewall]:

  Nov 26 16:53:59 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:53:59 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:54:01 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:54:02 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:54:05 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:54:07 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:54:13 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:54:18 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:54:30 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:54:41 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:55:04 WAN 217.125.207.130:2877 192.168.101.2:80 TCP 
  Nov 26 16:55:25 WAN 217.125.207.130:2883 192.168.101.2:80 TCP 
  Nov 26 16:55:52 WAN 210.245.22.41:37102 192.168.101.2:80 TCP 
  Nov 26 16:55:55 WAN 210.245.22.41:37102 192.168.101.2:80 TCP 
  Nov 26 16:56:01 WAN 210.245.22.41:37102 192.168.101.2:80 TCP 
  Nov 26 16:56:12 WAN 210.245.22.41:37102 192.168.101.2:80 TCP 
  Nov 26 16:56:35 WAN 210.245.22.41:37102 192.168.101.2:80 TCP 
  Nov 26 16:58:32 WAN 80.58.205.38:1595 192.168.101.2:80 TCP 

Only some Internet addresses are blocked at port 80. I think pfSense makes 
some kind of protection against a big number of connections from certain 
IPs. However, I didn't find documentation about this.

Web server seems to be faster than before ...

You can look at our web server at www.bellera.cat, if you want.

Best regards,

Josep Pujadas

---------- Original Message -----------
From: Craig FALCONER <[EMAIL PROTECTED]>
To: [email protected]
Sent: Sun, 26 Nov 2006 12:06:15 +1300
Subject: RE: [pfSense Support] Is it an attack?

> I'll have a stab - please correct me if I'm wrong...
> 
> Josep - I assume this is a snippet from the firewall logs page 
> showing traffic that has been blocked?
> 
> And that you have a webserver running on 192.168.101.2 with a valid 
> NAT and a firewall rule to allow traffic from * on WAN to port 
> 80/tcp on your web server?
> 
> Well - one of those assumptions is wrong. What is your WAN address?  
> Can users see your web server correctly?
> 
> -----Original Message-----
> From: Josep Pujadas i Jubany [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, 26 November 2006 9:07 a.m.
> To: pfSense
> Subject: [pfSense Support] Is it an attack?
> 
> Hi!
> 
> pfSense is blocking access to my web server from a determinate IP. 
> Any rule is configured about this IP.
> 
> Is pfSense considering this an attack? If yes, why?
> 
>   Nov 25 18:31:56 WAN 88.19.121.209:14726 192.168.101.2:80 TCP 
>   Nov 25 18:31:59 WAN 88.19.121.209:14726 192.168.101.2:80 TCP 
>   Nov 25 18:32:04 WAN 88.19.121.209:14726 192.168.101.2:80 TCP 
> ....
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
------- End of Original Message -------
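
An added example, not part of the original message: a short Python script that groups firewall-log entries in the format shown above by source IP and port and reports the time gaps between repeated entries, so one retried connection can be told apart from many separate connections. The sample lines are copied from the message; the year (2006, taken from the mail headers) and the 1.5x gap-growth threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Blocked-traffic entries copied from the message above (a subset).
SAMPLE = """\
Nov 26 16:53:59 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:54:01 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:54:05 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:54:13 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:54:30 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:55:04 WAN 217.125.207.130:2877 192.168.101.2:80 TCP
Nov 26 16:55:52 WAN 210.245.22.41:37102 192.168.101.2:80 TCP
Nov 26 16:55:55 WAN 210.245.22.41:37102 192.168.101.2:80 TCP
Nov 26 16:56:01 WAN 210.245.22.41:37102 192.168.101.2:80 TCP
Nov 26 16:56:12 WAN 210.245.22.41:37102 192.168.101.2:80 TCP
Nov 26 16:56:35 WAN 210.245.22.41:37102 192.168.101.2:80 TCP
Nov 26 16:58:32 WAN 80.58.205.38:1595 192.168.101.2:80 TCP
"""

# timestamp, interface, src ip:port, dst ip:port, protocol
LINE = re.compile(r"(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([\d.]+):(\d+) ([\d.]+):(\d+) (\S+)")

def flows(text, year=2006):
    """Group entries by (src ip, src port, dst ip, dst port); the year is assumed."""
    out = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out[(m.group(3), int(m.group(4)), m.group(5), int(m.group(6)))].append(ts)
    return {k: sorted(v) for k, v in out.items()}

def summarize(text):
    """Per flow: entry count, gaps in seconds, and whether the gaps keep growing."""
    report = {}
    for key, stamps in flows(text).items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        # Heuristic (assumption of this example): every gap is >= 1.5x the previous one.
        backoff = len(gaps) >= 3 and all(b >= 1.5 * a for a, b in zip(gaps, gaps[1:]))
        report[key] = {"entries": len(stamps), "gaps": gaps, "backoff": backoff}
    return report

if __name__ == "__main__":
    for (src, sport, dst, dport), info in summarize(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport} {info}")
```

Entries that share one source port and arrive at steadily growing intervals belong to a single connection being retried, not to a large number of new connections from that address.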

