If that is the case then why does "Automatically create a rule" creat a firewall rule permitting traffic to the LAN IP?
On 11/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > NAT occurs before filtering. You need a rule on the WAN interface > allowing connections to the physical server IPs. > > --Bill > > On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > I have. On the wan interface, im allowing anything to connect to the vip > > 85.116.30.1 address on port 25 > > > > Do I need any others? > > > > > > Scott Ullrich wrote: > > > > >Perhaps you need firewall rules!? > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > >>0.92 Latest > > >> > > >>For some reason left is master for the carp of the smtp and right is > > >>master of the carp for the external (routing)... > > >> > > >>On the machine which is the inbound carp I have: > > >> > > >>DENIED: > > >> > > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > > >>TCP > > >> > > >> > > >>On the machine which is the smtp carp I have: > > >> > > >>DENIED: > > >> > > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > > >>TCP > > >> > > >> > > >>Looks like one of them has the wrong date too :) > > >> > > >>Scott Ullrich wrote: > > >> > > >> > > >> > > >>>1. What version > > >>>2. What do you see in the firewall filter logs regarding these > > >>>connections > > >>> > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > >>> > > >>> > > >>> > > >>> > > >>>>Ok, > > >>>> > > >>>>I have left and right pfsense boxes. On my opt1 interface I have a carp > > >>>>setup: 85.116.x.1/27 is the network im using. My internal network is > > >>>>then 192.168.x.0/24 > > >>>> > > >>>>I have 85.116.x.1 assigned as the virtual > > >>>>I have 85.116.x.2 on left > > >>>>85.116.x.3 on right > > >>>> > > >>>>I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > > >>>>setup which contains: > > >>>> > > >>>>192.168.x.1 > > >>>>192.168.x.4 > > >>>> > > >>>>The left and right also have > > >>>> > > >>>>192.168.x.254 as virtual > > >>>>192.168.x.252 on left > > >>>>192.168.x.253 on right > > >>>> > > >>>>I have a firewall rule which allows * to connect on port 25 to the carp > > >>>>address which is 85.116.x.1 > > >>>> > > >>>>The tcp connection just times out. At one point it was in the log > > >>>>saying "bad gateway 85.116.x.1" > > >>>> > > >>>>Other than this, its exactly as described in the IncomingLoadBalancing > > >>>>example on the wiki. > > >>>> > > >>>>Lee > > >>>> > > >>>> > > >>>>Scott Ullrich wrote: > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>>>Many people have followed these and they work. You'll need to provide > > >>>>>more information of how its all setup and what doesn't work. > > >>>>> > > >>>>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>>>Hi Scott, > > >>>>>> > > >>>>>>I followed those exactly. And yet I still have no Joy :( > > >>>>>> > > >>>>>>Can anyone suggest anything which I may need to tick or the such which > > >>>>>>may prevent this from working? > > >>>>>> > > >>>>>>Regards > > >>>>>> > > >>>>>>Lee > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>Scott Ullrich wrote: > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>Try visiting these docs: > > >>>>>>> > > >>>>>>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > > >>>>>>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > >>>>>>> > > >>>>>>>Scott > > >>>>>>> > > >>>>>>> > > >>>>>>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>>>Hi, > > >>>>>>>> > > >>>>>>>>Im new to pfsense and have two machines running 0.92 both with 2x > > >>>>>>>>Dual > > >>>>>>>>Port 100+ Intel Management adaptors. I cannot for the life of me > > >>>>>>>>get > > >>>>>>>>load balancing working. Here is how I have them setup: > > >>>>>>>> > > >>>>>>>>left.pfsense > > >>>>>>>> > > >>>>>>>>fxp1 Lan > > >>>>>>>>fxp2 Cross Over cable to right.pfsense for sync > > >>>>>>>>fxp3 DMZ Servers > > >>>>>>>>fxp4 WAN > > >>>>>>>> > > >>>>>>>>right.pfsense > > >>>>>>>> > > >>>>>>>>fxp1 Lan > > >>>>>>>>fxp2 Cross Over cable to right.pfsense for sync > > >>>>>>>>fxp3 DMZ Servers > > >>>>>>>>fxp4 WAN > > >>>>>>>> > > >>>>>>>>On my internal lan and wan I have carp's setup with virtual ip's. I > > >>>>>>>>wish > > >>>>>>>>to use one of my virtual ip's to load balance mail to 2 servers on > > >>>>>>>>my > > >>>>>>>>internal lan. I have it all setup as per on the wiki but I cannot > > >>>>>>>>get > > >>>>>>>>anything through to the mailservers on the internal lan. I have a > > >>>>>>>>firewall rule which allows * to connect to the virtual ip on port > > >>>>>>>>25. > > >>>>>>>> > > >>>>>>>>Any ideas? please help. > > >>>>>>>> > > >>>>>>>>Lee > > >>>>>>>> > > >>>>>>>>--------------------------------------------------------------------- > > >>>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>--------------------------------------------------------------------- > > >>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>>>>>> > > >>>>>>> > > >>>>>>>____________________________________________________________________ > > >>>>>>>This e-mail has been scanned for viruses by Mailsauce. For further > > >>>>>>>information visit http://www.mailsauce.com > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>--------------------------------------------------------------------- > > >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>--------------------------------------------------------------------- > > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>>>> > > >>>>> > > >>>>>____________________________________________________________________ > > >>>>>This e-mail has been scanned for viruses by Mailsauce. For further > > >>>>>information visit http://www.mailsauce.com > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>--------------------------------------------------------------------- > > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>--------------------------------------------------------------------- > > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>>For additional commands, e-mail: [EMAIL PROTECTED] > > >>> > > >>> > > >>>____________________________________________________________________ > > >>>This e-mail has been scanned for viruses by Mailsauce. For further > > >>>information visit http://www.mailsauce.com > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>--------------------------------------------------------------------- > > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > >> > > >> > > > > > >--------------------------------------------------------------------- > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > >____________________________________________________________________ > > >This e-mail has been scanned for viruses by Mailsauce. For further > > >information visit http://www.mailsauce.com > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
