Situation:
I have a simple pfSense setup with a single pfSense 1.2.2 computer, 1 WAN 
interface, and 2 Local interfaces - one named LAN (10.0.0.0/24), and the other 
is Workshop (10.0.1.0/24).  We have all sorts of computers including infected 
PCs connected to our Workshop interface, so there are firewall rules set up only 
to allow internet access from both Local interfaces and, on the Workshop 
interface, some simple rules allowing things like FTP access to our fileserver 
on the LAN interface. We want no other access between subnets. We also have 
squid installed in transparent mode listening on the Workshop interface only; 
the lightsquid, pubkey and phpsysinfo packages are also installed. The box was 
recently updated from 1.2 to 1.2.2 using its inbuilt update feature.

Problem:
Following a reboot all this seems to work correctly, but as soon as I make any 
configuration updates all rules between local subnets seem to fail, and as far 
as I can tell there is full access from computers on the Workshop interface to 
all PCs on the LAN interface.

I have tried:
Enabling logging on rules to try to identify a malfunctioning rule. I ended up 
with logging enabled on every rule, on all interfaces. Pinging and HTTP between 
subnets was working, but no relevant log entries were logged.
A further reboot seems to fix things, again until I have to make a further 
change.

I can't trust a firewall that does this, and I can't reboot every time I make a 
change. Help!



PS: anyone know why the registration system on the pfSense forum won't send 
activation emails, so I can't register?
Graeme Evans
Technical Manager
KCS Computer Solutions
e: [email protected]
w: www.kcssolutions.co.uk
t: 017687 75526
f: 017687 75636
a: Packhorse Court, Keswick, Cumbria, CA12 5JB
Keswick Computer Services Ltd. trading as KCS Computer Solutions (Registered in 
England & Wales)
Company Number: 4533301
VAT Number: GB734 732 432

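A check for the situation described above, added here as an example and not taken from the original post or from pfSense itself: snapshot the ruleset pf has actually loaded right after a reboot (when the rules are reported to work), and after each later configuration change diff the live ruleset against that snapshot and count pf states crossing from the Workshop subnet into the LAN subnet. The subnet addresses are from the post; the snapshot path, the interface name in the sample rules, and the pfctl output formats used in the sample data are assumptions.

```shell
#!/bin/sh
# Post-change ruleset check for the setup described in the post.
# Subnet addresses come from the post; the snapshot path and the sample
# pfctl output formats are assumptions.

WORKSHOP_NET='10.0.1.0/24'    # Workshop interface subnet (from the post)
LAN_NET='10.0.0.0/24'         # LAN interface subnet (from the post)
SNAPSHOT=/root/pf-rules.good  # assumed location of the known-good snapshot

# Save the ruleset pf currently has loaded as the known-good reference.
# Run this once after a reboot, while the inter-subnet rules are working.
save_good_ruleset() {
    pfctl -sr > "$SNAPSHOT"
}

# ruleset_diff GOOD_TEXT CURRENT_TEXT
# Prints a unified diff of the two rulesets; returns 0 only when identical.
ruleset_diff() {
    good=$(mktemp)
    cur=$(mktemp)
    printf '%s\n' "$1" > "$good"
    printf '%s\n' "$2" > "$cur"
    if diff -u "$good" "$cur"; then rc=0; else rc=$?; fi
    rm -f "$good" "$cur"
    return "$rc"
}

# cross_subnet_states STATES_TEXT
# Given pfctl -ss output, prints how many states have a Workshop-subnet
# source and a LAN-subnet destination. A non-zero count means traffic is
# being passed between the subnets despite the intended block.
cross_subnet_states() {
    printf '%s\n' "$1" \
        | grep -cE '10\.0\.1\.[0-9]+(:[0-9]+)? -> 10\.0\.0\.[0-9]+' || true
}

# Run on the firewall after a configuration change (requires pfctl).
check_after_change() {
    if ! ruleset_diff "$(cat "$SNAPSHOT")" "$(pfctl -sr)"; then
        echo "WARNING: loaded ruleset differs from $SNAPSHOT (see diff above)"
    fi
    echo "$WORKSHOP_NET -> $LAN_NET states: $(cross_subnet_states "$(pfctl -ss)")"
}
```

Because the check reads what pf has loaded rather than what the GUI shows, it distinguishes a ruleset that was never applied from one that was applied but is being bypassed by existing states.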