Paul Cockings wrote:
> Bridging is possible (and it works for everything I tested except port
> 80), but I don't think many people are using this configuration. My
> reason to use this method is I hold a belief that NAT buggers about
> with things, and wanted to cut NAT out the loop. Just to use pfsense
> as a firewall. (maybe there is a better way?)

I don't disagree, this definitely works like you're doing it (lots of
people do this).

Next I would run a couple packet captures to see what's actually
happening. Enable and log into SSH, and run the following:

    tcpdump -i fxp0 -n src or dst 78.32.32.14 and tcp port 80

replacing fxp0 with your WAN interface. Try to get to http://78.32.32.14
from the Internet, and see what tcpdump shows.

Based on what you said, I suspect you won't see anything in the WAN
capture. When running tcpdump on the WAN, you see the ingress traffic
before it gets processed by any NAT or firewall rules, so if tcpdump
doesn't show it, it's not getting to you - there's absolutely no chance
it's getting stopped by the firewall. It's an ISP issue at that point,
that would indicate they're blocking port 80 before it gets to you.

If it does show the traffic, ctrl-c to stop that tcpdump, and then run
another one replacing fxp0 with your LAN interface.

If you see the traffic in the WAN capture and not the LAN capture, your
firewall log will show it getting blocked, and your firewall rules
aren't configured to allow the traffic. Based on what you said, I doubt
if this is the case.

If you see it on both the LAN and WAN captures, then it's a server
configuration issue of some sort.
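
Added example, not part of the original message: the WAN-then-LAN capture comparison described above, applied to text output saved from the two tcpdump runs. The file names, the function names and the client address 203.0.113.7 are assumptions made for illustration; 78.32.32.14 and port 80 come from the thread.

```shell
#!/bin/sh
# Added example (not from the original message): decide where inbound
# TCP/80 stops, given text output saved from the two tcpdump runs.
SERVER=78.32.32.14   # address used in the thread
PORT=80

# Count packets addressed to SERVER:PORT in `tcpdump -n` text output.
# Line shape: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
count_inbound() {
    awk -v dst="$SERVER.$PORT:" \
        '$2 == "IP" && $4 == ">" && $5 == dst { n++ } END { print n + 0 }' "$1"
}

# locate_drop WAN_CAPTURE LAN_CAPTURE -> prints upstream | firewall | server
# (hypothetical helper name; the verdicts follow the message's three cases)
locate_drop() {
    wan=$(count_inbound "$1")
    lan=$(count_inbound "$2")
    if [ "$wan" -eq 0 ]; then
        echo upstream    # never reached the WAN interface
    elif [ "$lan" -eq 0 ]; then
        echo firewall    # reached WAN, not forwarded to LAN
    else
        echo server      # forwarded to LAN; look at the web server
    fi
}

# Constructed sample captures (203.0.113.7 is a documentation address).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/wan.txt" <<EOF
12:00:01.000001 IP 203.0.113.7.51514 > $SERVER.$PORT: Flags [S], seq 1, win 65535, length 0
12:00:04.000001 IP 203.0.113.7.51514 > $SERVER.$PORT: Flags [S], seq 1, win 65535, length 0
EOF
    : > "$dir/lan.txt"    # nothing seen on the LAN side
    locate_drop "$dir/wan.txt" "$dir/lan.txt"
    rm -rf "$dir"
}

demo   # prints: firewall
```

Only packets addressed to the server are counted, so replies leaving the web server do not mask a capture in which the inbound request never arrived.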