Fixed in latest testing snapshot. Please update.

On 3/2/06, Derrick MacPherson <[EMAIL PROTECTED]> wrote:
> I'm trying to set up the following:
>
>                       / <-> CARP
> WAN int (PFSENSE BOX)<-> LAN
>                       \<-> DMZ
>
> I want to have nat on the LAN, bi-nat on the DMZ, filtering incoming and
> outgoing traffic. I'm close, but I've had issues with trying to get this
> all working; I can't get outbound PASV ftp from the DMZ; I just want to be
> sure that pfsense is capable before I expend anymore energy on this. I
> can't find the traffic being blocked, nor do I see it connecting to the
> local proxy.
>
> Let me know what else I can supply you with, here are some details:
>
> The CARP interface is disabled till I get this working
>
> (for below - x.x.x = external address scheme)
>
> OPT1(DMZ)* -> em0 -> 10.1.1.1
> LAN* -> bge0 -> 172.16.128.15
> WAN* -> xl0 -> x.x.x.89
>
> pfctl -sr | grep USER
>
> pass in quick on xl0 inet proto tcp from any to x.x.x.68 keep state label "USER_RULE"
> pass in quick on xl0 inet proto udp from any to x.x.x.68 keep state label "USER_RULE"
> pass in quick on xl0 proto tcp from any to any port = ssh keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto tcp from any to any port = ntp keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto tcp from any to any port = domain keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto tcp from any to any port = ftp keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto tcp from any to any port = https keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto tcp from any to any port = http keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = ssh keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = ntp keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = domain keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = ftp keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = https keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 proto udp from any to any port = http keep state label "USER_RULE: Allowed incomming ports"
> pass in quick on xl0 inet proto tcp from 139.142.2.2 port = domain to any keep state label "USER_RULE"
> pass in quick on xl0 inet proto tcp from d.n.s.3 port = domain to any keep state label "USER_RULE"
> pass in quick on xl0 inet proto udp from d.n.s.2 port = domain to any keep state label "USER_RULE"
> pass in quick on xl0 inet proto udp from d.n.s.3 port = domain to any keep state label "USER_RULE"
> pass in quick on xl0 inet proto tcp from any to 10.1.1.150 port >= 49152 flags S/SA keep state label "USER_RULE: FTP Passive ports"
> pass in quick on em0 inet proto tcp from 10.1.1.0/24 to 127.0.0.1 flags S/SA keep state label "USER_RULE"
> pass in quick on em0 all keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to 127.0.0.1 flags S/SA keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to any port = http flags S/SA keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to any port = https flags S/SA keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to any port = ftp flags S/SA keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to any port = ssh flags S/SA keep state label "USER_RULE"
> pass in quick on bge0 inet proto tcp from 172.16.128.0/20 to any port = domain flags S/SA keep state label "USER_RULE"
