I am not sure why the LAN has an IP address and is bridged.  I am not sure
if this would really work.  Are you trying to do NAT and have some things
that do not NAT?  If you are, I would use another interface (if you have
that option).  Also, a lot of the stupid DSL routers still do filtering.
This may be your problem.

-----Original Message-----
From: Paul Cockings [mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 4:27 PM
To: [email protected]
Subject: Re: [pfSense Support] Port 80


Bridging is possible (and it works for everything I tested except port
80), but I don't think many people are using this configuration.  My
reason to use this method is I hold a belief that NAT buggers about with
things, and wanted to cut NAT out the loop.  Just to use pfsense as a
firewall.  (maybe there is a better way?)

I'm not that dandy with IIS so I suspected IIS or the windows firewall.
The IIS box only has one interface and that is assigned the public ip.
I happen to have another test box on this network 78.32.32.11, and from
that I can happily browse the test page at http://78.32.32.14:80
As a further test, I did enable the windows firewall, and only allow my
RDP session in, with logging on.  No dropped packets reported to port 80
for the windows firewall therefore my conclusion is the packets never
get past pfsense.

Hope all that made sense.

The problem is quite repeatable, I thought it might be 1.2-BETA-2, so I
upgraded to 1.2-RC3 earlier today - fresh start and wiped the box
clean.  It displays the same results.

Would it help if I posted a 'pfctl -sa' ?    Any pf bridging gurus around?

Kind Regards,
Paul


Hoos, Stephen wrote:
> Crazy me but, can you see the IIS box on port 80 from the LAN?  Do you
> have the IIS box set up to answer on the public IP you are assigning it?
> Can you ping the box from the outside?  I would give the IIS box a
> private address and use aliases to port forward port 80.  I am not sure
> but I don't think you can BRIDGE your WAN and LAN.
>
> -----Original Message-----
> From: Paul Cockings [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 07, 2008 1:02 PM
> To: [email protected]
> Subject: [pfSense Support] Port 80
>
> Hi Pfsense list, (first time poster - I'm loving pfsense)
>
> I have followed the updated tutorial for transparent firewall
> http://pfsense.trendchiller.com/transparent_firewall.pdf
>
> I've tried with 1.2-BETA-2 and 1.2-RC3,  it all just about makes sense
> except I cannot get port 80 to open up.  I'd like to open up port 80 to
> a windows IIS6 machine
>
> Here's the test rig: (yes real IP addresses!)
>
> My Location = external to all this on another connection
>
> ADSL MODEM (transparent dumb box) 78.32.32.9
> pfsense WAN 78.32.32.10/29
> pfsense Gateway: 78.32.32.9
> pfsense LAN 192.168.1.1 + BRIDGE with WAN
> webGUI Port: 10443
> webGUI protocol: HTTPS
> Enable filtering bridge = on
> Disable webGUI anti-lock out = on
> Block private networks = on (tried off, no change)
> Disable userland ftp proxy = on
> NAT Outbound = Manual
> NAT Outbound Rule = No nat (NOT)
>
> Windows Box does not have windows firewall switched on = absolutely
> confirmed.
> IIS is on port 80
> RDP port 3389
> windows ip address: 78.32.32.14
> windows subnet: 255.255.255.248
> windows gateway: 78.32.32.9
>
> LAN RULE = Allow anything out (this is just a testing box)
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 3389 -
> gateway any
> Then I can RDP into the box, I have logging switched on and
> I see the entry in the firewall log
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 80 -
> gateway any
> Then I cannot see the IIS test page from my browser, logging
> is switched on, but I never see an entry in the firewall log
>
> If I delete the rules, and try
>
> http://78.32.32.14:3389 - I see firewall logs
> http://78.32.32.14:4000 - I see firewall logs
> http://78.32.32.14:80 - I see no firewall logs
>
> 'netstat -an' confirms that nothing appears to be using port 80
> if I try a packet capture for 78.32.32.14:80 - I see nothing
>
> It appears to me that the traffic could be being dropped before being
> evaluated by the firewall rules?
>
> What's going on?
> Any help, guidance, direction, or request for more info would be
> greatly appreciated.   I hope I give enough information.
>
> Kind Regards,
> Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
> commands, e-mail: [EMAIL PROTECTED]