Hi,
I use pfSense 1.2.3-RELEASE configured in bridge mode.
I am testing bridge mode and I have a situation like this:
pfSense IP = wan.ip (bge0) / lan.ip (bge1) (but in bridge mode it has to use
only wan.ip)
server IP = srv.ip
my IP = my.ip
internet gw = gw.net
- pfSense in bridge mode is connected on both NICs to a Cisco 2960 switch
- the server is connected to another 2960 switch, uplinked, and is set up with
the WAN IP of pfSense as its gateway.
After I add on the LAN rules that ALL can go outside, and on the WAN rules that
the server must have port 22 open to all, only the LAN rules work fine for
outgoing traffic; for incoming traffic nothing works, just ICMP.
On the shell I can see my rules:
@38 pass in quick on bge0 reply-to (bge0 gw.net) inet from my.ip to any flags S/SA keep state label "USER_RULE: Damned"
  [ Evaluations: 101       Packets: 40        Bytes: 23746       States: 1     ]
  [ Inserted: uid 0 pid 2689 ]
@39 pass in quick on bge1 all flags S/SA keep state label "USER_RULE: LAN ALL"
  [ Evaluations: 100       Packets: 167       Bytes: 13630       States: 3     ]
  [ Inserted: uid 0 pid 2689 ]
....
@45 block drop in log quick all label "Default deny rule"
  [ Evaluations: 97        Packets: 97        Bytes: 5166        States: 0     ]
  [ Inserted: uid 0 pid 2689 ]
@46 block drop out log quick all label "Default deny rule"
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 2689 ]
When I try to access srv.ip from my.ip, I can see in System Logs >
Firewall the message:
@48 block drop in log quick all label "Default deny rule"
I also checked "bypass firewall rules for traffic on same interface", but
nothing works.
So, my questions are:
1) Why are my custom rules not applied even though they are present?
2) Why does rule @48 block everything, when on the shell there is NO @48 but at most @46?
Waiting for your reply
Best regards
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
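The rule number in a pf log entry (the @48 above) is the rule's position in the ruleset that was loaded when the packet was logged, and positions shift whenever the ruleset is regenerated and reloaded, so a logged number can only be matched against a `pfctl -vvsr` snapshot taken at the same time. The script below is an added example, not from the original post or from pfSense: it embeds a constructed snapshot shaped like the paste above (the counter lines are on one line, as `pfctl -vvsr` prints them) and resolves log rule numbers against it, reporting when a number no longer exists in the snapshot. The function names and the sample data are my own.

```shell
#!/bin/sh
# Added example (not part of the original post): resolve a rule number from a
# pf log entry against a snapshot of `pfctl -vvsr` output. @N is a position in
# the loaded ruleset, so the snapshot must date from when the log line was
# produced; on a live box replace PFCTL_SNAPSHOT with "$(pfctl -vvsr)".

# Constructed sample, shaped like the post's paste (not real captured output).
PFCTL_SNAPSHOT='@38 pass in quick on bge0 reply-to (bge0 gw.net) inet from my.ip to any flags S/SA keep state label "USER_RULE: Damned"
  [ Evaluations: 101       Packets: 40        Bytes: 23746       States: 1     ]
  [ Inserted: uid 0 pid 2689 ]
@39 pass in quick on bge1 all flags S/SA keep state label "USER_RULE: LAN ALL"
  [ Evaluations: 100       Packets: 167       Bytes: 13630       States: 3     ]
  [ Inserted: uid 0 pid 2689 ]
@45 block drop in log quick all label "Default deny rule"
  [ Evaluations: 97        Packets: 97        Bytes: 5166        States: 0     ]
  [ Inserted: uid 0 pid 2689 ]
@46 block drop out log quick all label "Default deny rule"
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 2689 ]'

# rule_text N: print the rule line for @N; exit 1 (no output) if @N is absent.
rule_text() {
    printf '%s\n' "$PFCTL_SNAPSHOT" | awk -v n="@$1" '
        $1 == n { found = 1; print; exit }
        END { exit !found }'
}

# rule_packets N: print the Packets counter of @N; exit 1 if @N is absent.
# The counter line directly follows the rule line in pfctl -vvsr output.
rule_packets() {
    printf '%s\n' "$PFCTL_SNAPSHOT" | awk -v n="@$1" '
        $1 == n { want = 1; next }
        want && /Evaluations:/ {
            for (i = 1; i <= NF; i++) if ($i == "Packets:") { print $(i + 1); found = 1 }
            exit
        }
        END { exit !found }'
}

# resolve_log_rule "<log line>": look up the @N at the start of a firewall log
# line. Exit 0 when it resolves, 1 when the number is gone from the snapshot
# (the ruleset was reloaded since), 2 when the line carries no rule number.
resolve_log_rule() {
    num=$(printf '%s\n' "$1" | sed -n 's/^@\([0-9][0-9]*\) .*/\1/p')
    [ -n "$num" ] || { echo "no rule number in log line"; return 2; }
    if text=$(rule_text "$num"); then
        echo "@$num -> $text (packets so far: $(rule_packets "$num"))"
        return 0
    fi
    echo "@$num is not in this ruleset snapshot: the ruleset was reloaded since the log entry; take a fresh 'pfctl -vvsr' and compare"
    return 1
}

# Stand-alone usage: one number that resolves, one that does not.
resolve_log_rule '@45 block drop in log quick all label "Default deny rule"'
resolve_log_rule '@48 block drop in log quick all label "Default deny rule"' || :
```

On a running pfSense box the same check is `pfctl -vvsr | grep '^@48 '` run right after the log entry appears; if it prints nothing, the numbering has already moved and the log entry has to be read against the ruleset that was loaded at that moment, not the current one.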