I add NAT rule and I got connection .... On Fri, Jan 9, 2009 at 11:41 AM, Peter Todorov <[email protected]> wrote:
> Maybe I need to update to 1.2.1 > > > On Fri, Jan 9, 2009 at 11:32 AM, Eugen Leitl <[email protected]> wrote: > >> On Fri, Jan 09, 2009 at 11:14:50AM +0200, Peter Todorov wrote: >> > >> > Yes the are now in second place (DMZ interface) ICMP DMZnet * * * * >> > and ICMP LANnet * * * *. There are rules also on second place (LAN >> > interface) ICMP DMZnet * * * * and ICMP LANnet * * * * . >> > No ping from DMZ to LAN. >> >> Strange, I can ping my setup fine. No dual WAN, though. >> >> > >> > On Fri, Jan 9, 2009 at 10:59 AM, Eugen Leitl <[1][email protected]> >> > wrote: >> > >> > On Fri, Jan 09, 2009 at 10:15:26AM +0200, Peter Todorov wrote: >> > > >> > > Curtus, I am no so familiar with pfsense architecture to do SSh >> > login >> > > and manual rewriting conf files. I have NAT yes it is AON >> because >> > I >> > > have dual WAN configuration. I have only NAT between external >> and >> > > internal interfaces. I add some rules to bouth interfacese in >> the >> > top >> > > just for test that has * * * * * * and * * * * * * . Still I got >> > no >> > > ping from DMZ to LAN. >> > > Chris, Do I need to enable NAT between DMZ and LAN? >> > >> > There's a rule allowing ICMP between DMZ and LAN, yes? >> > > Thank Peter >> > > >> > > On Thu, Jan 8, 2009 at 11:36 PM, Chris Buechler >> > <[1][2][email protected]> >> > > wrote: >> > > >> > > 2009/1/8 Curtis LaMasters <[2][3][email protected] >> >: >> > >> > > >> > > > Sounds like a NAT issue. Manually configure our outbound NAT >> > or >> > > tell it not >> > > > to NAT. >> > > >> > > Not necessary. Traffic between internal interfaces isn't NATed >> > > unless >> > > you enable AON and configure it to do so. >> > > The firewall rules on the DMZ interface don't allow pings most >> > > likely. >> > > >> > > >> > --------------------------------------------------------------------- >> > >> > > To unsubscribe, e-mail: [3][4][email protected] >> > > For additional commands, e-mail: >> > [4][5][email protected] >> > > Commercial support available - >> > [5][6]https://portal.pfsense.org >> > > >> > > -- >> > > ���������à �à à ����à >> > > >> > > References >> > > >> > > 1. mailto:[7][email protected] >> > > 2. mailto:[8][email protected] >> > > 3. mailto:[9][email protected] >> > > 4. mailto:[10][email protected] >> > > 5. [11]https://portal.pfsense.org/ >> > -- >> > Eugen* Leitl <a href="[12]http://leitl.org";>leitl</a> >> > [13]http://leitl.org >> > ______________________________________________________________ >> > ICBM: 48.07100, 11.36820 [14]http://www.ativel.com >> > [15]http://postbiota.org >> > 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE >> > >> > -- >> > �е��но���а не е по�ок >> > >> > References >> > >> > 1. mailto:[email protected] >> > 2. mailto:[email protected] >> > 3. mailto:[email protected] >> > 4. mailto:[email protected] >> > 5. mailto:[email protected] >> > 6. https://portal.pfsense.org/ >> > 7. mailto:[email protected] >> > 8. mailto:[email protected] >> > 9. mailto:[email protected] >> > 10. mailto:[email protected] >> > 11. https://portal.pfsense.org/ >> > 12. http://leitl.org/ >> > 13. http://leitl.org/ >> > 14. http://www.ativel.com/ >> > 15. http://postbiota.org/ >> -- >> Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org >> ______________________________________________________________ >> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org >> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE >> > > > > -- > честността не е порок > -- честността не е порок
