NAT issue? That setup is a little out of the norm as you have pointed out but it should still work. An IP is an IP, a port is a port and a protocol is a protocol. Doesn't get much simpler. Does it happen to block just high ports (i.e. 50000 thru 65535?) or is it random?

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Thu, Aug 21, 2008 at 9:50 AM, Phillip Gonzalez <[EMAIL PROTECTED]> wrote:
> weird problem i'm trying to figure out. i have pfsense 1.2 running and
> configured with 3 interfaces and a vpn tunnel. i'm trying to allow a
> public ip address access into my dmz.
>
> i have a rule setup to allow the public ip(static) using udp to the dmz
> subnet which is 10.0.0.0/24. the rule is configured to allow all UDP
> traffic sourced from any port access to my 10.0.0.0/24 destined for any
> port, from the defined static ip.
>
> the rule is configured on the WAN interface and is placed above the
> default drop all traffic rule.
>
> my problem is that sometimes the traffic passes as expected and other
> times it's blocked (as verified by my firewall logs) by the default drop
> all rule.
>
> i'm trying to allow access from one static ip address (my voip provider)
> into my dmz where my phone box sits. when it works my phone rings; when the
> traffic is blocked obviously it doesn't ring.
>
> also, i have several other rules configured across the multiple
> interfaces and they are all working as expected. furthermore, i would say
> that this current voice over ip rule that i'm having problems with works
> 85% of the time.
>
> ps; it would be nice if my voip provider (lingo) wouldn't span thousands
> of ports, which is why i'm allowing SRC port any --> DST port any from
> this static ip. calling their tech support doesn't help either; they don't
> even know what ports i'm supposed to let through.
>
> any ideas?
>
> thanks,
>
> -phil
