what it makes me thinks is pfsense firewall part, is the fact that if I disable the firewall stuff in pfsense everything starts working ok, I mean, Lan machines are able to go outside, if pfsense is running just as a routing platform, once I enable the firewall I loose the trafic on this hosts, I will try to go deep on this tomorrow, I will start with a fresh install, since there is a lot of rules on the wan interface and also many aliases, maybe some kind of typo on the aliases or rules, I will start at first steps, and I will try to reproduce this in a basic config, without so many rules, I'm lucky since I'm testing, I let you know the progress.
Best regards 2008/8/19 Bill Marquette <[EMAIL PROTECTED]>: > On Tue, Aug 19, 2008 at 7:03 PM, Bill Marquette > <[EMAIL PROTECTED]> wrote: >> On Tue, Aug 19, 2008 at 4:07 PM, Aliet Santiesteban Sifontes >> <[EMAIL PROTECTED]> wrote: >>> Hi, all I'm using a new installed pfsense 1.2.1 with three attached >>> newtoks, wan, lan and optional 1, I have defined rules on lan >>> interface to allow all outgoing connections on that interface, but >>> everything is blocked, a test in dns server query shows this on pftop: >> >> What makes you think pfSense is blocking the traffic? Are the logs >> pointing to this? Have you tcpdump'd on the outside interface to show >> the traffic not leaving the firewall? Maybe it's not getting NAT'd >> correctly - are you expecting it to be NAT'd? Also, ASCII network >> diagrams rarely work properly for anyone using systems that render >> email with truetype fonts, can you provide an image with your layout >> (not that I suspect this is of issue, but since you provided one and >> it'd be helpful to understanding what it is you are trying to do, it'd >> be nice). Thanks >> >> --Bill >> > > BTW, hit send to early, but pftop is clearly showing that the state is > getting inserted in the firewall state table. pfSense isn't blocking > this. It may not be contributing to making it work, but that will > likely be due to a misconfig, not due to the platform itself. > > --Bill > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
