OK

I set logging for the auto created rule and get the following

pf: 18. 541834 rule 66/0(match): pass in on rl1: (tos 0x10, ttl 64, id 8719,
offset 0, flags [DF], proto: TCP (6), length: 60) 80.176.108.59.1040 >
10.0.0.10.25: S 299957971:299957971(0) win 5840 <mss
1460,sackOK,timestamp[|tcp]>

I turn it off and get ZIP in the logs. To my untrained eye this looks like
an attempt to pass the connection on to the correct internal server.


> -----Original Message-----
> From: Robert Mortimer [mailto:[EMAIL PROTECTED]
> Sent: 02 May 2006 19:53
> To: support@pfsense.com
> Subject: RE: [pfSense Support] Port Forwarding
>
>
> > Okay, do the reverse then, turn on logging and see what is ALLOWING it.
> >
> Where do I do that (do you mean the raw logging?)
>
> > On 5/2/06, Robert Mortimer <[EMAIL PROTECTED]> wrote:
> > > No TCP port 25 appears in the logs. I have a lot of UDP etc
> > > but no TCP/IP from my IP
> > >
> > > I have three internal sub nets and have turned on advanced nat
> > > so I can add each sub net. I have also added routing rules
> > > for the internal gateway but apart from that it is a vanilla
> > > setup
> > >
> > >
> > > > -----Original Message-----
> > > > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > > > Sent: 02 May 2006 16:53
> > > > To: support@pfsense.com
> > > > Subject: Re: [pfSense Support] Port Forwarding
> > > >
> > > >
> > > > On 5/2/06, Robert Mortimer <[EMAIL PROTECTED]> wrote:
> > > > > I have a set of 6 public IP addresses
> > > > > I set up pfSense with an internal IP in the 10.0.0.x range and use an
> > > > > external IP
> > > > > All is good except I can not port forward to my mailserver or webserver.
> > > > >
> > > > > I have been to the Firewall: NAT: Port Forward tab and set up the port
> > > > > forward (including the addition of the firewall rule)
> > > > >
> > > > > In NAT I see the following
> > > > >
> > > > > IF   Proto  Ext. port range  NAT IP                 Int. port range  Description
> > > > > WAN  TCP    80 (HTTP)        10.0.0.10              25 (SMTP)        Mailserver
> > > > >                              (ext.: 80.176.108.60)
> > > > >
> > > > > In Rules I see the following rule
> > > > >
> > > > > Proto  Source  Port  Destination  Port       Gateway  Description
> > > > > TCP    *       *     10.0.0.10    25 (SMTP)  *        NAT Mail server
> > > > >
> > > > > When I plug my PC into the ADSL hub and give it one of my static IP
> > > > > addresses I can ping my router's external IP but I can not telnet to
> > > > > port 25.
> > > > >
> > > > > The same setup works with my old Linux smoothwall box (i.e. I can
> > > > > telnet to port 25)
> > > > >
> > > > > I also want to add a rule to drop and log all outbound SMTP that does
> > > > > not originate from a machine in my mailservers group. I set up the
> > > > > group mailservers to include the requisite machines. I add the
> > > > > following rule to LAN
> > > > >
> > > > > TCP  ! MailServers  25 (SMTP)  *  *  *  Block in not mailserver
> > > > >
> > > > > I reload the rules but still I can telnet out to my ISP's mailserver
> > > > >
> > > > >
> > > > > C:\Documents and Settings\rob>telnet post.demon.co.uk 25
> > > > > 220 anchor-post-33.mail.demon.net ESMTP Tue, 02 May 2006 15:33:21 +0000
> > > > > quit
> > > > > 221 anchor-post-33.mail.demon.net closing connection
> > > > > Connection to host lost.
> > > > > C:\Documents and Settings\rob>
> > > > >
> > > > > I am running Beta 3
> > > >
> > > > Look in the filter logs and see what is blocking it.  Click on the red
> > > > X to the left and it will tell you which rule triggered the block.
> > > > You can then use this information to see why it's not working.
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
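Pulling the rule number and action out of pf log records like the one quoted in this message shows which rule is passing or blocking traffic to a port. This is an added example, not code from the thread or from the pfSense project: the second sample record (rule 70, interface rl0 and its addresses) is constructed, and `parse_pf_log` and `rules_for_port` are hypothetical helper names.

```python
import re
from collections import Counter

# Verbose pflog/tcpdump record layout, taken from the log line quoted above.
PF_RECORD = re.compile(
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[^)]*)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+):"
    r".*?proto:? (?P<proto>\w+) \(\d+\).*?\) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+)"
)

# First record: the log line from the message. Second record: constructed
# (rule 70, rl0 and all addresses are made up) to show a blocked SMTP attempt.
SAMPLE_LOG = """\
pf: 18. 541834 rule 66/0(match): pass in on rl1: (tos 0x10, ttl 64, id 8719,
offset 0, flags [DF], proto: TCP (6), length: 60) 80.176.108.59.1040 >
10.0.0.10.25: S 299957971:299957971(0) win 5840 <mss
1460,sackOK,timestamp[|tcp]>
pf: 21. 100000 rule 70/0(match): block in on rl0: (tos 0x0, ttl 128, id 4242,
offset 0, flags [DF], proto: TCP (6), length: 48) 10.0.0.55.1055 >
192.0.2.25.25: S 1000:1000(0) win 65535 <mss 1460,nop,nop,sackOK>
"""

def parse_pf_log(text):
    """Return one dict per TCP/UDP record; mail-wrapped lines are rejoined."""
    flat = " ".join(text.split())
    entries = []
    for record in re.split(r"(?=pf: )", flat):  # one search per record
        m = PF_RECORD.search(record)
        if m:
            entry = m.groupdict()
            for key in ("rule", "subrule", "sport", "dport"):
                entry[key] = int(entry[key])
            entries.append(entry)
    return entries

def rules_for_port(entries, dport, proto="TCP"):
    """Count which (action, rule) pairs handled traffic to a destination port."""
    return Counter((e["action"], e["rule"]) for e in entries
                   if e["dport"] == dport and e["proto"].upper() == proto)

if __name__ == "__main__":
    for (action, rule), hits in rules_for_port(parse_pf_log(SAMPLE_LOG), 25).items():
        print(f"rule {rule}: {action} x{hits}")
```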