There it is; my brain fart.  Server had the wrong network default
gateway.  Changed that and all works well.

Thanks so much for your help. 

Russ

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 12, 2007 12:25 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] 1:1 at wits end

Russ Bennett wrote:
> I probably am over thinking this...I tend to do that often.
>
> Anyhow, I believe I am having success
>
> 1.  I created the VIP with the /29 block I was given.
> 2.  I created the 1:1 208.83.93.19/32 -> 10.0.1.14/32
> 3.  I created the firewall rule
> Proto Source  Port    Destination     Port    Gateway
> TCP   *               *       10.0.1.14       80      *
>
> 4. In the logs, I get a green that says
> @41 pass in log quick on bge1 inet proto tcp from any to 10.0.1.14
> port=http keep state label "USER_Rule:Web Interface"
>   

The above all sounds good. Since you're seeing the passes, 1-4 are all 
set up properly and working as they should.

> 5.  The web interface does not come up in the browser
>   

I'm assuming it works using the private IP internally? At this point, 
it's a server configuration issue. Most commonly, either the server has 
the wrong default gateway (it must be pfSense's inside IP), or the 
service isn't running, or its configuration restricts it from the 
outside world.

The easiest thing at this point might be to run a packet capture on the 
inside interface of your firewall to see what's really happening. Log 
into SSH on pfSense and run the following:
tcpdump -i fxp0 src or dst 10.0.1.14

replacing fxp0 with your actual LAN interface.
Then try to access the site from outside, and see what it shows. Paste 
the output here if you're not sure what it's telling you.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
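
An added example, not part of the original thread: a small Python helper that reads the text output of the tcpdump command above and sorts it into the server-side outcomes Chris lists. It assumes modern `tcpdump -n` output with `Flags [...]`; the function name, the verdict labels and the sample lines (including the client address 198.51.100.7) are constructed for illustration.

```python
import re

# Assumes modern `tcpdump -n` text output: "IP src.port > dst.port: Flags [S], ..."
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Verdict labels and wording are this example's own, not pfSense output.
ADVICE = {
    "no-syn": "No SYN for the server seen on this interface; recheck the interface name and the 1:1/rule setup.",
    "no-reply": "SYNs go in but nothing returns through pfSense; check the server's default gateway "
                "(must be pfSense's inside IP) and any host-side filtering.",
    "refused": "Server answers with RST; the service is not accepting connections on that port.",
    "handshake-ok": "Server answers with SYN-ACK through pfSense; routing and the listener are fine.",
}

def diagnose(capture_text, server="10.0.1.14", port=80):
    """Classify an inside-interface capture of one 1:1 NAT'd TCP service."""
    syn_in = synack_out = rst_out = 0
    for m in LINE.finditer(capture_text):
        flags = m["flags"]
        to_server = m["dst"] == server and int(m["dport"]) == port
        from_server = m["src"] == server and int(m["sport"]) == port
        if to_server and flags == "S":
            syn_in += 1          # client SYN forwarded to the inside host
        elif from_server and flags == "S.":
            synack_out += 1      # SYN-ACK coming back via the firewall
        elif from_server and "R" in flags:
            rst_out += 1         # reset: port closed or connection rejected
    if syn_in == 0:
        return "no-syn"
    if synack_out:
        return "handshake-ok"
    return "refused" if rst_out else "no-reply"

# Constructed sample captures (not taken from the thread).
SYN = "12:25:0%d.000001 IP 198.51.100.7.51514 > 10.0.1.14.80: Flags [S], seq 1000, win 65535, length 0\n"
SAMPLE_NO_REPLY = SYN % 1 + SYN % 4   # retransmitted SYN, no answer seen
SAMPLE_REFUSED = SYN % 1 + "12:25:01.000300 IP 10.0.1.14.80 > 198.51.100.7.51514: Flags [R.], seq 0, ack 1001, win 0, length 0\n"
SAMPLE_OK = SYN % 1 + "12:25:01.000300 IP 10.0.1.14.80 > 198.51.100.7.51514: Flags [S.], seq 5000, ack 1001, win 65535, length 0\n"

if __name__ == "__main__":
    for name, text in [("no reply", SAMPLE_NO_REPLY), ("refused", SAMPLE_REFUSED), ("ok", SAMPLE_OK)]:
        verdict = diagnose(text)
        print(f"{name}: {verdict} - {ADVICE[verdict]}")
```

The "no-reply" case is what a capture on pfSense's inside interface would typically show when the server sends its replies to a different gateway.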

