On Sat, Sep 18, 2010 at 8:54 PM, Ron Lemon <[email protected]> wrote:
> Action: Pass
> Interface: LAN
> Protocol: any (I assume this also includes ICMP???)
> Source: Single Host (10.0.1.100)
> Destination: Network (10.0.0.0 / 24)
> Gateway: default
>
> To me this means that 10.0.1.100 can talk to any machine in the 10.0.0.0 / 24
> network about anything (ping, ftp, www, ldap, etc)

Almost. In your original post you said that 10.0.1.100 is on OPT1. pfSense's firewall rules operate on packets entering the chosen interface. The rule above doesn't do anything until you change "LAN" to "OPT1".

> On OPT1 tab I have
>
> Action: Pass
> Interface: OPT1
> Protocol: any (I assume this also includes ICMP???)
> Source: Network (10.0.0.0 / 24)
> Destination: Single Host (10.0.1.100)
> Gateway: default
>
> To me this means that any machine in the 10.0.0.0 / 24 network can talk to
> 10.0.1.100 about anything (ping, ftp, www, ldap, etc)

As you may have guessed by now, if you change "OPT1" in the above rule to "LAN" I think you will be in business.

Note also that in your original post you didn't say whether you wanted 10.0.1.100 to talk to LAN hosts. If not, then your first rule is not wanted. (If a LAN host connects to 10.0.1.100, it will be allowed to respond, as pfSense is stateful.)

Hope that helps.

db
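Added illustration of the point made in the reply (rules are evaluated on the interface a packet enters, and established flows are allowed back statefully). This is a toy model written for this note, not pfSense code or anything posted in the thread; the LAN host address 10.0.0.5 is a constructed example.

```python
import ipaddress
from collections import namedtuple

# A rule lives on one interface tab and only matches packets ENTERING that interface.
Rule = namedtuple("Rule", "interface src dst")      # src/dst are ip_network objects
Packet = namedtuple("Packet", "ingress src dst")    # ingress interface, ip_address objects
N, A = ipaddress.ip_network, ipaddress.ip_address

class Firewall:
    """Toy model: first-match pass rules per ingress interface, default block, stateful replies."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (src, dst) of flows already passed by a rule

    def passes(self, pkt):
        # A reply to an established flow is allowed without consulting the rules (stateful).
        if (pkt.dst, pkt.src) in self.state:
            return True
        for r in self.rules:
            if r.interface == pkt.ingress and pkt.src in r.src and pkt.dst in r.dst:
                self.state.add((pkt.src, pkt.dst))
                return True
        return False         # no matching pass rule: the default is to block

# Constructed topology from the thread: LAN is 10.0.0.0/24, 10.0.1.100 sits behind OPT1.
HOST, LAN_HOST = A("10.0.1.100"), A("10.0.0.5")
HOST_TO_LAN = Packet("OPT1", HOST, LAN_HOST)   # leaves the host, so it enters the firewall on OPT1
LAN_TO_HOST = Packet("LAN", LAN_HOST, HOST)    # leaves a LAN host, so it enters on LAN

def original_rules():
    """The rules as posted: each sits on the wrong tab for the traffic it describes."""
    return [Rule("LAN", N("10.0.1.100/32"), N("10.0.0.0/24")),
            Rule("OPT1", N("10.0.0.0/24"), N("10.0.1.100/32"))]

def corrected_rules():
    """Same rules with the interfaces swapped, as the reply suggests."""
    return [Rule("OPT1", N("10.0.1.100/32"), N("10.0.0.0/24")),
            Rule("LAN", N("10.0.0.0/24"), N("10.0.1.100/32"))]

def outcome(rules):
    """(host -> LAN allowed, LAN -> host allowed), each evaluated on a fresh state table."""
    return Firewall(rules).passes(HOST_TO_LAN), Firewall(rules).passes(LAN_TO_HOST)

def reply_only():
    """Keep only the LAN-tab rule: a LAN host initiates, and the reply from 10.0.1.100 rides the state."""
    fw = Firewall(corrected_rules()[1:])
    return fw.passes(LAN_TO_HOST), fw.passes(HOST_TO_LAN)
```

With the posted rules neither direction passes; swapping the interface on each rule lets both through, and dropping the OPT1-tab rule still lets 10.0.1.100 answer connections that LAN hosts open.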
