lol, nope, is not a reserved range.
Is definitely a misconfiged modem.
From: "Frimmel, Ivan (ISS Sales)" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: <support@pfsense.com>
Subject: RE: [pfSense Support] Can't get basic routing to work.
Date: Sat, 5 Aug 2006 08:05:24 +0200
Just a thought ..
I have seen ISPs that give out silly IP addresses that can't be routed
and require NAT.
You wouldn't happen to have one of those?
Ivan.
-----Original Message-----
From: A. Jones [mailto:[EMAIL PROTECTED]
Sent: 05 August 2006 06:16 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
When you send (initiate) a packet out on port abc, and it is allowed
through, the firewall opens up a "hole" (which is stored in the state
table)
that allows a response from the IP the packet was sent to on the return
port
specified in the packet.
You use inbound rules (WAN->LAN) when you want to allow sessions to be
initiated from the internet/untrusted interface.
As long as the default "allow all" outbound rule is in place, you can do
things like ping and browse the web with no problem from the LAN side.
I appreciate the help though.
The nice/not so nice thing is this...
I did some testing and confirmed my suspicions.
pfSense works beautifully...
lol, my ISP configured the LAN subnet of the dsl modem/router correctly.
The
static route to my WAN port on their main routers correctly correctly.
But
it seems they screwed up a line somewhere on my DSL modem/router and any
packet that is not originating from the same subnet as the DSL modem's
LAN
side on the dsl modem's LAN side is being sent into the ether...
Since, NATed packet originate from the pfSense's WAN subnet which is the
same subnet as the modem's LAN subnet they get through.
But when I turn off NAT, the packets originate from my LAN subnet and
the
packets go for a wild ride into nothingness....
AIYA!!!!
Hopefully, I'll have this fixed by tomorrow morning....
Thanks for everyone's help!!!
It was much appreciated!!!
>From: "Bill Marquette" <[EMAIL PROTECTED]>
>Reply-To: support@pfsense.com
>To: support@pfsense.com
>Subject: Re: [pfSense Support] Can't get basic routing to work.
>Date: Fri, 4 Aug 2006 22:28:20 -0500
>
>Not for inbound traffic it isn't.
>
>--Bill
>
>On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
>>The original rule on the firewall is already good for that.
>>
>> >From: "Bill Marquette" <[EMAIL PROTECTED]>
>> >Reply-To: support@pfsense.com
>> >To: support@pfsense.com
>> >Subject: Re: [pfSense Support] Can't get basic routing to work.
>> >Date: Fri, 4 Aug 2006 16:32:28 -0500
>> >
>> >On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
>> >>I have a whole subnet, routing is what I need.
>> >>The computers also MUST have public IP addresses assigned to their
>> >>interfaces.
>> >>That will also screw me over when one of the subnets needs to talk
to
>>the
>> >>other subnet using public IPs....
>>
>>http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en
>> >>
>> >>I also would have to get my ISP to change the routing to my network
as
>>the
>> >>routing currently is
>> >>
>> >>xxx.xxx.xx1.001 modem
>> >>xxx.xxx.xx1.002 WAN
>> >>
>> >>xxx.xxx.xx2.001 LAN
>> >>xxx.xxx.xx2.002 Computer
>> >>xxx.xxx.xx2.003 Computer
>> >>xxx.xxx.xx2.004 Computer
>> >>xxx.xxx.xx2.005 Computer
>> >>
>> >>and the static route is xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002
>> >>so there are no "extra" IPs on the outside with which to do 1:1 to
>>begin
>> >>with.
>> >
>> >Actually, for this you use the "other" virtual IP type. But that's
>> >beside the point since you have a requirement for public IPs on the
>> >actual machines. Enabling advanced outbound nat, then deleting the
>> >rules _should_ be the way you need this to work. I assume you put
>> >rules in on the WAN interface to allow the traffic?? :)
>> >
>> >--Bill
>> >
>>
>---------------------------------------------------------------------
>> >To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>>
>>_________________________________________________________________
>>Express yourself instantly with MSN Messenger! Download today - it's
FREE!
>>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
