Lucky guess. I'm not sure what the solution is. Can you paste your firewall rules in regards to this situation?

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Fri, Aug 22, 2008 at 1:48 PM, Phillip Gonzalez <[EMAIL PROTECTED]> wrote:

> Curious as to what your hunch was about the high ports (50000 thru 65535)
> as the 50K range are the ones that are getting blocked.
>
> Thanks,
>
> -phil
>
> > NAT issue? That setup is a little out of the norm as you have pointed out
> > but it should still work. An IP is an IP, a port is a port and a protocol
> > is a protocol. Doesn't get much simpler. Does it happen to block just high
> > ports (i.e. 50000 thru 65535?) or is it random?
> >
> > Curtis LaMasters
> > http://www.curtis-lamasters.com
> > http://www.builtnetworks.com
> >
> > On Thu, Aug 21, 2008 at 9:50 AM, Phillip Gonzalez <[EMAIL PROTECTED]> wrote:
> >
> >> weird problem i'm trying to figure out. i have pfsense 1.2 running and
> >> configured with 3 interfaces and a vpn tunnel. i'm trying to allow a
> >> public ip address access into my dmz.
> >>
> >> i have a rule setup to allow the public ip (static) using udp to the dmz
> >> subnet which is 10.0.0.0/24. the rule is configured to allow all UDP
> >> traffic sourced from any port access to my 10.0.0.0/24 destined for any
> >> port, from the defined static ip.
> >>
> >> the rule is configured on the WAN interface and is placed above the
> >> default drop all traffic rule.
> >>
> >> my problem is that sometimes the traffic passes as expected and other
> >> times it's blocked (as verified by my firewall logs) by the default drop
> >> all rule.
> >>
> >> i'm trying to allow access from one static ip address (my voip provider)
> >> into my dmz where my phone box sits. when it works my phone rings; when
> >> the traffic is blocked obviously it doesn't ring.
> >>
> >> also, i have several other rules configured across the multiple
> >> interfaces and they are all working as expected. furthermore, i would say
> >> that this current voice over ip rule that i'm having problems with works
> >> 85% of the time.
> >>
> >> ps; it would be nice if my voip provider (lingo) wouldn't span thousands
> >> of ports, which is why i'm allowing SRC port any --> DST port any from
> >> this static ip. calling their tech support doesn't help either; they don't
> >> even know what ports i'm supposed to let through.
> >>
> >> any ideas?
> >>
> >> thanks,
> >>
> >> -phil
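
The question raised in the thread (are the blocks confined to ports 50000 thru 65535, or random?) can be answered from the firewall log rather than by eye. The following is an added example, not part of the original thread: it assumes the log has been exported to a simple CSV shape (constructed here, not pfSense's native format), uses `203.0.113.10` as a placeholder for the provider's static IP, and the function names are hypothetical.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample data, NOT real pfSense output. Assumed columns:
# time,action,interface,proto,src_ip,src_port,dst_ip,dst_port
SAMPLE_LOG = """\
13:01:02,pass,WAN,udp,203.0.113.10,5060,10.0.0.5,5060
13:01:03,pass,WAN,udp,203.0.113.10,31044,10.0.0.5,16384
13:04:10,block,WAN,udp,203.0.113.10,5060,10.0.0.5,50112
13:04:11,block,WAN,udp,203.0.113.10,5060,10.0.0.5,57820
13:04:15,block,WAN,tcp,198.51.100.7,40000,10.0.0.5,22
13:09:40,pass,WAN,udp,203.0.113.10,42000,10.0.0.5,49999
13:12:00,block,WAN,udp,203.0.113.10,61000,10.0.0.5,65535
"""

PROVIDER_IP = ipaddress.ip_address("203.0.113.10")  # placeholder provider IP
DMZ_NET = ipaddress.ip_network("10.0.0.0/24")       # DMZ subnet from the thread
HIGH_PORTS = range(50000, 65536)                    # range asked about in the reply


def tally(log_text, use_src_port=False):
    """Count pass/block per port bucket for provider -> DMZ UDP traffic."""
    counts = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 8:
            continue  # skip malformed or truncated lines
        _, action, _, proto, src, sport, dst, dport = row
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(sport if use_src_port else dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "udp" or src_ip != PROVIDER_IP or dst_ip not in DMZ_NET:
            continue  # only the traffic the WAN allow rule is meant to match
        bucket = "high" if port in HIGH_PORTS else "low"
        counts[(action.lower(), bucket)] += 1
    return counts


def blocks_only_on_high_ports(counts):
    """True when every block is in 50000-65535 and nothing in that range passed."""
    return (counts[("block", "high")] > 0 and counts[("block", "low")] == 0
            and counts[("pass", "high")] == 0)


if __name__ == "__main__":
    c = tally(SAMPLE_LOG)
    for key in sorted(c):
        print(key, c[key])
    print("blocks confined to 50000-65535:", blocks_only_on_high_ports(c))
```

The thread does not say whether the "50K range" refers to source or destination ports, so `use_src_port=True` reruns the same tally on the source side.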
