Can you paste some state entries from diagnostics>states for this connection?
Holger > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 15, 2006 4:06 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] Curious radius problem > > No sir, no gateways specified. > > -----Original Message----- > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 15, 2006 8:52 AM > To: support@pfsense.com > Subject: RE: [pfSense Support] Curious radius problem > > Did you specify gateways for other interfaces than WAN? If an > interface has a gateway set it will be automatically natted > as it is considered to be another WAN-kind interface. If you > want to shut that down you can do so by either deleting the > gateway and adding appropriate static routes or by enabling > advanced outbound NAT at firewall>NAT, outbound and creating > only the mappings you need. > > Holger > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, November 15, 2006 3:48 PM > > To: support@pfsense.com > > Subject: [pfSense Support] Curious radius problem > > > > I have the following setup: > > > > LAN------PfSense------WAN > > | | | > > | | | > > OPT1------- | -------OPT2 (WLAN) > > (GOV) | > > OPT3 (DMZ) > > > > The DMZ houses our exchange server, running IAS. When our wireless > > access points (in WLAN) attempt to communicate with IAS, the IAS > > server logs the radius request as coming from the OPT2 interface of > > pfsense (in my case, 192.168.10.254), rather than from the > IP of the > > access point. I have the proper entries in IAS, and indeed > this setup > > was functional roughly until my upgrade to 1.0 (currently 1.0.1). > > > > All other traffic between the subnets can route correctly, and if I > > move the access point to the same segment as the IAS server > (and make > > necessary IP adjustments on both the access point and the > client entry > > > for radius auth), then all is well. To reiterate, > everything is fine > > unless pfsense is in the middle of the two devices, at > which point IAS > > > doesn't see the request coming from the AP, rather from the gateway > > interface on that segment (pfsense). Traffic rules between the two > > segments are wide open. > > > > Any ideas as to where/what to proceed with? > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional > > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
