Set up this way (read below), in the log I now get a rule accept value that says
@44 pass in log quick on bge1 inet proto tcp from any to 10.0.1.14 keep state label "USER_RULE:Web Access Test" It is hitting the rule I made, but is still not bringing up the web interface I am testing with. Thanks Russ -----Original Message----- From: Russ Bennett Sent: Wednesday, December 12, 2007 7:59 AM To: [email protected] Subject: RE: [pfSense Support] 1:1 at wits end First, Thanks for everyone's help. The nat 1:1 I have WAN 208.83.93.19/32 10.0.1.14/32 Firewall Rule I have Proto Source Port Destination Port Gateway TCP * * 208.83.93.19 80 (HTTP) * I've got six IP addresses 3 of which are used for router and pfsense box 208.83.93.16/29 Do these ip addresses need to be put in as virtual ip's? Russ -----Original Message----- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 11, 2007 5:22 PM To: [email protected] Subject: Re: [pfSense Support] 1:1 at wits end Russ Bennett wrote: > Hello, > > I've setup a 1:1 nat and entered in the rules. Nothing was getting > through so I looked at the log and I can see the rule getting hit > properly except within the log I get the following message > > The rule that triggered this action is: > @45 block drop in log quick all label "Default block all just to be > sure." > > Where do I go to disable this "Default block all just to be sure." Rule? > That's matching the default block all, which means it didn't match any of the rules you defined. You can't disable the default deny rule, what you need to do is put in a rule that matches the traffic you want to permit. For 1:1 NAT, that means a rule on the WAN with the appropriate source port (any), source IP/network (whatever you want), destination IP (the private, internal IP - NAT happens first), and destination port. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
