On 7/19/2011 3:08 PM, Moshe Katz wrote:
> Your firewall rule is wrong. It needs to allow from ANY source port to
> 2500 destination port. The source port is random from the client and
> the port that you want to open on the firewall is 2500. When you
> redirect that to port 80 using port forwarding, that is after it has
> already passed through the firewall successfully.
>
> It looks like you are using pfSense 1.2.x. If you can update to one of
> the 2.0 release candidates (I don't know how updates work for the
> Netgate-branded version), it has a feature that will automatically
> create the proper firewall rule when you forward a port.

Moshe,

Yes, I am using 1.2.x; it's what was installed on this Netgate. I don't know how (yet) to upgrade to one of the 2.0x RCs of pfSense. I was thinking about this but am unsure how to go about it. If there is some documentation on this I would be greatly appreciative.

When I added the NAT rule, it added the FW rule automatically. So I am not sure what you mean; the FW rule is allowing from any source, effectively *:2500, which is what I want, to only allow specific ports though.

--
> Chris Brennan
> --
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
> http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
> GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C)
