Yes, it's always high ports. thanks,
-phil > NAT issue? That setup is a little out of the norm as you have pointed out > but it should still work. An IP is and IP, a port is a port and a > protocol > is a protocol. Doesn't get much simpler. Does it happen to block just > high > ports (i.e. 50000 thru 65535?) or is it random? > > Curtis LaMasters > http://www.curtis-lamasters.com > http://www.builtnetworks.com > > > On Thu, Aug 21, 2008 at 9:50 AM, Phillip Gonzalez > <[EMAIL PROTECTED] >> wrote: > >> weird problem i'm trying to figure out. i have pfsense 1.2 running and >> configured with 3 interfaces and a vpn tunnel. i'm trying to allow a >> public ip address access into my dmz. >> >> i have a rule setup to allow the public ip(static) using udp to the dmz >> subnet which is 10.0.0.0/24. the rule is configured to allow all UDP >> traffic sourced from any port access to my 10.0.0.0/24 destined for any >> port, from the defined static ip. >> >> the rule is configured on the WAN interface and is placed above the >> default drop all traffic rule. >> >> >> my problem is that sometimes the traffic passes as expected and other >> times it's blocked (as verified by my firewall logs) by the default drop >> all rule. >> >> i'm trying to allow access from one static ip address (my voip provider) >> into my dmz where my phone box sits. when it works my phone rings when >> the >> traffic is blocked obviously it doesn't ring. >> >> also, i have several other rules configured accross the multiple >> interfaces and they are all working as expected. furthermore, i would >> say >> that this current voice over ip rule that i'm having problems with works >> 85% of the time. >> >> >> ps; it would be nice if my voip provider (lingo) wouldn't span >> thousands >> of ports, which is why i'm allowing SRC port any --> DST port any from >> this static ip. calling their tech support doesn't help either they >> don't >> even know what ports i'm suppose to let through. >> >> any ideas? >> >> thanks, >> >> -phil >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
