Excellent suggestion, I'll get onto that and let you know the results
Thanks for the ideas,
Paul
Chris Buechler wrote:
Paul Cockings wrote:
Bridging is possible (and it works for everything I tested except
port 80), but I don't think many people are using this
configuration. My reason to use this method is I hold a belief that
NAT buggers about with things, and wanted to cut NAT out the loop.
Just to use pfsense as a firewall. (maybe there is a better way?)
I don't disagree, this definitely works like you're doing it (lots of
people do this).
Next I would run a couple packet captures to see what's actually
happening. Enable and log into SSH, and run the following:
tcpdump -i fxp0 -n src or dst 78.32.32.14 and tcp port 80
replacing fxp0 with your WAN interface. Try to get to
http://78.32.32.14 from the Internet, and see what tcpdump shows.
Based on what you said, I suspect you won't see anything in the WAN
capture. When running tcpdump on the WAN, you see the ingress traffic
before it gets processed by any NAT or firewall rules, so if tcpdump
doesn't show it, it's not getting to you - there's absolutely no
chance it's getting stopped by the firewall. It's an ISP issue at that
point, that would indicate they're blocking port 80 before it gets to
you.
If it does show the traffic, ctrl-c to stop that tcpdump, and then run
another one replacing fxp0 with your LAN interface.
If you see the traffic in the WAN capture and not the LAN capture,
your firewall log will show it getting blocked, and your firewall
rules aren't configured to allow the traffic. Based on what you said,
I doubt if this is the case.
If you see it on both the LAN and WAN captures, then it's a server
configuration issue of some sort.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
!DSPAM:100001,4782b5456641129199835!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]