Hi all,

I set up a new 1.0-RC2 box yesterday with a fairly simple config. On the WAN side a /29 is available, and the pfSense box has the second IP of that block for the WAN interface and the first as the gateway. The LAN side is all NAT with simple shaper rules (just VoIP priority). A third interface is bridged with the WAN to make the additional IPs in our /29 available for some servers that want routable IPs. There are some simple allow rules for ports 22, 25, 53, 80, and 443 that specify any src address and the destination address(es) (as an alias) of the hosts on the bridged subnet.

Everything is working fine with the LAN, and I have no issues getting traffic in/out of a host on the bridged interface. However, I'm seeing that the "default block" action does not seem to be blocking anything to the bridged hosts. Nmap from outside shows everything open, and netcat confirms that I can pass two-way traffic initiated from outside to any bridged host. Additionally, if I mark the "pass" rules for these hosts with the "log" flag and send traffic matching those pass rules, nothing is logged. If I set up an explicit deny rule for a bridged host, that also has no effect.

What am I missing here? I have a similar setup at home and I don't recall doing anything special to block traffic to the bridged IPs. Nothing looks strange to me in rules.debug, but then again I have a very hard time reading through the traffic shaping parts of the config...

Thanks,

Charles
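The post above says the rules.debug file is hard to read past the traffic-shaping parts, and the symptom (pass rules that never log, an explicit deny that never fires) is what you see when the bridged member interface is not actually named by any filter rule. The following is an added example, not code from the post or from pfSense: a small Python script that strips the macro, altq, queue, nat and scrub lines out of a pf ruleset in the style of a pfSense 1.x rules.debug, resolves `$wan`-style interface macros, and reports which interfaces the block/pass rules really apply to. The ruleset, interface names (em0/em1/em2) and addresses embedded in it are constructed for the example; on a real box you would feed it the contents of rules.debug or the output of `pfctl -sr` instead.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of a pfSense 1.x rules.debug: interface
# macros, an alias table, altq queue definitions, then the filter rules.
# Interface names, addresses and queue names are made up for this example.
SAMPLE_RULES = """\
wan = "em0"
lan = "em1"
opt1 = "em2"
table <bridged_hosts> { 203.0.113.2 203.0.113.3 }
altq on $lan hfsc bandwidth 10Mb queue { qvoip, qdefault }
queue qvoip bandwidth 2Mb priority 7 hfsc(realtime 2Mb)
queue qdefault bandwidth 8Mb priority 1 hfsc(default)
scrub in on $wan all
nat on $wan from 192.168.1.0/24 to any -> (em0)
block in log all
pass in quick on $lan from 192.168.1.0/24 to any keep state queue (qdefault, qvoip)
pass in quick on $wan proto tcp from any to <bridged_hosts> port { 22 25 80 443 } keep state
pass in quick on $wan proto udp from any to <bridged_hosts> port 53 keep state
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$', re.M)
RULE_RE = re.compile(r'^(block|pass)(?:\s+(in|out))?\b')
IFACE_RE = re.compile(r'\bon\s+(\$?[\w.]+)')


def parse_macros(text):
    """Collect name = "value" macros; pfSense defines one per interface."""
    return dict(MACRO_RE.findall(text))


def parse_filter_rules(text, macros):
    """Return only block/pass rules, skipping altq, queue, nat, scrub and
    table lines, with the interface macro resolved so $wan and em0 compare
    equal. A rule with no 'on' clause gets iface=None (applies everywhere)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if not m:
            continue
        iface = None
        im = IFACE_RE.search(line)
        if im:
            iface = im.group(1)
            if iface.startswith('$'):
                iface = macros.get(iface[1:], iface)
        rules.append({
            'action': m.group(1),
            'direction': m.group(2),
            'iface': iface,
            'quick': bool(re.search(r'\bquick\b', line)),
            'log': bool(re.search(r'\blog\b', line)),
            'raw': line,
        })
    return rules


def summarize(rules):
    """Count block/pass rules per interface (key None = interface-less rules)."""
    summary = defaultdict(Counter)
    for r in rules:
        summary[r['iface']][r['action']] += 1
    return summary


def unreferenced_interfaces(rules, macros, interface_macros):
    """Interfaces (given by macro name, e.g. 'opt1') that no filter rule names
    explicitly. A bridge member that shows up here is covered only by
    interface-less rules, which is the first thing to check when pass/log
    and explicit deny rules for its hosts appear to have no effect."""
    referenced = {r['iface'] for r in rules if r['iface']}
    return [macros[name] for name in interface_macros
            if name in macros and macros[name] not in referenced]


def report(text, interface_macros=('wan', 'lan', 'opt1')):
    """Human-readable per-interface summary of the filter rules in text."""
    macros = parse_macros(text)
    rules = parse_filter_rules(text, macros)
    lines = []
    for iface, counts in sorted(summarize(rules).items(), key=lambda kv: str(kv[0])):
        label = iface or '(all interfaces)'
        lines.append(f"{label}: {counts['block']} block, {counts['pass']} pass")
    for iface in unreferenced_interfaces(rules, macros, interface_macros):
        lines.append(f"{iface}: no rule names this interface; only interface-less rules apply")
    return lines


if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_RULES)))
```

On the constructed sample the report shows that em2 (the `opt1` bridge member) is named by no rule at all, so the only thing pf can apply to frames arriving on it is the interface-less `block in log all`. Two caveats: the script only inspects the ruleset text, so it cannot tell you whether pf is consulted for frames forwarded across the bridge at all, which on FreeBSD's if_bridge is governed by the kernel's net.link.bridge.pfil_member and net.link.bridge.pfil_bridge sysctls rather than by any rule; and the macro names it looks for (`wan`, `lan`, `opt1`) are an assumption about the file's layout, so pass the ones your rules.debug actually uses.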
