Scott,

Ok. Thank you very much. Each tab on the "Firewall > Rules" page controls the
incoming traffic on its corresponding interface.


--
Diego

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To: <support@pfsense.com>
Sent: Thursday, April 05, 2007 1:44 PM
Subject: Re: [pfSense Support] IPSec Issue Report

On 4/5/07, Diego Morato <[EMAIL PROTECTED]> wrote:
> I'm using ipsec to connect three branch offices. There is an issue with the
> firewall described below:
>
> I'm not allowing output traffic from LAN subnet to WAN, so I disabled the
> default LAN rule "Default LAN -> any", however disabling this rule causes
> the LAN subnet to not reach the ipsec tunnels. After creating a LAN rule
> allowing LAN subnet to the other remote LAN subnets, everything goes fine.

Yes, and this is no different from how LAN -> WAN traffic is permitted as
well.

> I think the logic of the webgui shows that traffic between remote lan
> subnets through ipsec tunnels is controlled by ipsec rules, but LAN rules
> are affecting this traffic!
> The default ipsec rule "Permit ipsec traffic" is enabled.

Yes.  The IPSEC interface is to allow you to control incoming traffic
from across the VPN.

There is no difference in the way this works vs. filtering traffic
out the WAN. We filter on incoming interface.

Scott
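
Added example, not part of the original thread and not pfSense code: a small model of filtering on the incoming interface, showing why the LAN tab decides whether LAN hosts reach the tunnels while the IPsec tab only governs traffic arriving from the remote sites. The subnets, the rule name "LAN -> remote LAN" and the simplified first-match, implicit-block evaluation (no state tracking) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread): local LAN and two remote branch LANs.
LAN = ip_network("192.168.1.0/24")
REMOTE = [ip_network("192.168.2.0/24"), ip_network("192.168.3.0/24")]
ANY = ip_network("0.0.0.0/0")

def rule(name, src, dst, enabled=True):
    return {"name": name, "src": src, "dst": dst, "enabled": enabled}

def evaluate(ruleset, in_iface, src, dst):
    """Return the name of the pass rule that admits the packet, or None if blocked.

    Only the tab of the interface the packet arrives on is consulted; rules are
    checked top-down, first match wins, and no match means an implicit block."""
    src, dst = ip_address(src), ip_address(dst)
    for r in ruleset.get(in_iface, []):
        if r["enabled"] and src in r["src"] and dst in r["dst"]:
            return r["name"]
    return None

def build(lan_to_remote_rule):
    # The default LAN rule is disabled, as in the thread.
    lan_tab = [rule("Default LAN -> any", LAN, ANY, enabled=False)]
    if lan_to_remote_rule:
        # Hypothetical rule name for the rule the poster added.
        lan_tab += [rule("LAN -> remote LAN", LAN, net) for net in REMOTE]
    return {"LAN": lan_tab, "IPSEC": [rule("Permit ipsec traffic", ANY, ANY)], "WAN": []}

def demo():
    before, after = build(False), build(True)
    return {
        # Leaves via the tunnel but ENTERS on LAN, so the LAN tab decides.
        "lan_to_branch_before": evaluate(before, "LAN", "192.168.1.10", "192.168.2.20"),
        "lan_to_branch_after": evaluate(after, "LAN", "192.168.1.10", "192.168.2.20"),
        # Internet-bound traffic stays blocked: no LAN rule matches it.
        "lan_to_internet_after": evaluate(after, "LAN", "192.168.1.10", "198.51.100.7"),
        # Arrives from across the VPN, so the IPsec tab decides.
        "branch_to_lan": evaluate(after, "IPSEC", "192.168.2.20", "192.168.1.10"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict or 'blocked'}")
```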
