Bridging is possible (and it works for everything I tested except port
80), but I don't think many people are using this configuration. My
reason to use this method is I hold a belief that NAT buggers about with
things, and wanted to cut NAT out the loop. Just to use pfsense as a
firewall. (maybe there is a better way?)
I'm not that dandy with IIS so I suspected IIS or the windows firewall.
The IIS box only has one interface and that is assigned the public ip.
I happen to have another test box on this network 78.32.32.11, and from
that I can happily browse the test page at http://78.32.32.14:80
As a further test, I did enable the windows firewall, and only allow my
RDP session in, with logging on. No dropped packets reported to port 80
for the windows firewall therefore my conclusion is the packets never
get past pfsense.
Hope all that made sense.
The problem is quite repeatable, I thought it might be 1.2-BETA-2, so I
upgraded to 1.2-RC3 earlier today - fresh start and wiped the box
clean. It displays the same results.
Would it help if I posted a 'pfctl -sa' ? Any pf bridging gurus around?
Kind Regards,
Paul
Hoos, Stephen wrote:
Crazy me but, can you see the IIS box on port 80 from the LAN? Do you
have the IIS box set up to answer on the public IP you are assigning it?
Can you ping the box from the outside? I would give the IIS box a
private address and use aliases to port forward port 80. I am not sure
but I don't think you can BRIDGE your WAN and LAN.
-----Original Message-----
From: Paul Cockings [mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 1:02 PM
To: [email protected]
Subject: [pfSense Support] Port 80
Hi Pfsense list, (first time poster - I'm loving pfsense)
I have followed the updated tutorial for transparent firewall
http://pfsense.trendchiller.com/transparent_firewall.pdf
I've tried with 1.2-BETA-2 and 1.2-RC3, it all just about makes sense
except I cannot get port 80 to open up. I'd like to open up port 80 to
a windows IIS6 machine
Here's the test rig: (yes real ip addresses!)
My Location = external to all this on another connection
ADSL MODEM (transparent dumb box) 78.32.32.9
pfsense WAN 78.32.32.10/29
pfsense Gateway: 78.32.32.9
pfsense LAN 192.168.1.1 + BRIDGE with WAN
webGUI Port: 10443
webGUI protocol: HTTPS
Enable filtering bridge = on
Disable webGUI anti-lock out = on
Block private networks = on (tried off, no change)
Disable userland ftp proxy = on
NAT Outbound = Manual
NAT Outbound Rule = No nat (NOT)
Windows Box does not have windows firewall switched on = absolutely
confirmed.
IIS is on port 80
RDP port 3389
windows ip address: 78.32.32.14
windows subnet: 255.255.255.248
windows gateway: 78.32.32.9
LAN RULE = Allow anything out (this is just a testing box)
If I create a WAN RULE
TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 3389 - gateway any
Then I can RDP into the box, I have logging switched on and
I see the entry in the firewall log
If I create a WAN RULE
TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 80 - gateway any
Then I cannot see the IIS test page from my browser, logging
is switched on, but I never see an entry in the firewall log
If I delete the rules, and try
http://78.32.32.14:3389 - I see firewall logs
http://78.32.32.14:4000 - I see firewall logs
http://78.32.32.14:80 - I see no firewall logs
'netstat -an' confirms that nothing appears to be using port 80
If I try a packet capture for 78.32.32.14:80 - I see nothing
It appears to me that the traffic could be being dropped before being
evaluated by the firewall rules?
What's going on?
Any help, guidance, direction, or request for more info would be
greatly appreciated. I hope I give enough information.
Kind Regards,
Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]