On Tue, Jul 19, 2011 at 3:18 PM, Chris Brennan <xa...@xaerolimit.net> wrote:
> On 7/19/2011 3:08 PM, Moshe Katz wrote:
> > Your firewall rule is wrong. It needs to allow from ANY source port to
> > 2500 destination port. The source port is random from the client and
> > the port that you want to open on the firewall is 2500. When you
> > redirect that to port 80 using port forwarding, that is after it has
> > already passed through the firewall successfully.
> >
> > It looks like you are using pfSense 1.2.x. If you can update to one of
> > the 2.0 release candidates (I don't know how updates work for the
> > Netgate-branded version), it has a feature that will automatically
> > create the proper firewall rule when you forward a port.
>
> Moshe,
> Yes, I am using 1.2.x, it's what was installed on this Netgate. I don't
> know how to (yet) upgrade to one of the 2.0x RCs of pfSense; I was
> thinking about this but unsure how to go about it. If there is some
> documentation on this I would be greatly appreciative.
>
> When I added the NAT rule, it added the fw rule automatically. So I am
> not sure what you mean, the FW rule is allowing from any source,
> effectively *:2500, which is what I want, to only allow specific ports
> though.
>
> --
> Chris Brennan
> --
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
> http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
> GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C)
> ------------------------------------------------------------------------

In a firewall rule, the "Source Port" means where it is coming from on your computer. Your computer usually picks a random port to use when you visit a site in your web browser. So putting "Source Port"=2500 in your rule will not work. 2500 is the "Destination Port" in the firewall rule.

In "screenshot42h.png", that last row should say:

- Protocol: TCP
- Source Address: *
- *Source Port: **
- *Destination Address: WAN_IP*
- *Destination Port: 2500*
- Gateway: *
- ...

The bold ones are the ones you need to change.

Moshe

------------------------------
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732
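An added illustration of the point Moshe makes above (example code written for this archive page, not part of the thread or of pfSense): a tiny rule matcher that shows why a rule with the source port pinned to 2500 admits essentially no client connections, while the corrected rule (source port any, destination port 2500) admits all of them. Rules and packets are plain dicts whose fields are modelled loosely on the columns of a pfSense rule row; `WAN_IP` is the placeholder the thread uses, and the 49152-65535 range is the IANA ephemeral-port range that clients typically pick from. The `lint_inbound_rule` check is a constructed helper, not a pfSense feature.

```python
"""Why a pinned source port breaks an inbound allow rule (constructed example)."""
import random

ANY = "*"  # the "*" wildcard shown in the pfSense rule table

# The rule from the thread: source port mistakenly pinned to 2500.
WRONG_RULE = {
    "action": "pass", "proto": "tcp",
    "src_addr": ANY, "src_port": "2500",
    "dst_addr": "WAN_IP", "dst_port": "2500",
}

# The corrected rule: only the destination (service) port is fixed.
RIGHT_RULE = {
    "action": "pass", "proto": "tcp",
    "src_addr": ANY, "src_port": ANY,
    "dst_addr": "WAN_IP", "dst_port": "2500",
}

MATCH_FIELDS = ("proto", "src_addr", "src_port", "dst_addr", "dst_port")


def _field_matches(rule_value, packet_value):
    """A rule field matches when it is the wildcard or equals the packet value."""
    return rule_value == ANY or str(rule_value) == str(packet_value)


def rule_matches(rule, pkt):
    """True when every field of the rule matches the packet."""
    return all(_field_matches(rule[k], pkt[k]) for k in MATCH_FIELDS)


def client_syn(dst_addr, dst_port, src_addr="203.0.113.7", src_port=None):
    """A constructed inbound connection attempt.  Real clients pick a random
    ephemeral source port (commonly 49152-65535), which is exactly why a
    rule for an inbound service must not pin the source port."""
    if src_port is None:
        src_port = random.randint(49152, 65535)
    return {"proto": "tcp", "src_addr": src_addr, "src_port": src_port,
            "dst_addr": dst_addr, "dst_port": dst_port}


def fraction_admitted(rule, trials=1000, seed=1):
    """Share of simulated client connections to WAN_IP:2500 the rule passes.

    A fixed seed keeps the simulation repeatable."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pkt = client_syn("WAN_IP", 2500, src_port=rng.randint(49152, 65535))
        if rule_matches(rule, pkt):
            hits += 1
    return hits / trials


def lint_inbound_rule(rule):
    """Return a list of problems with a rule meant to admit an inbound service."""
    problems = []
    if rule["src_port"] != ANY:
        problems.append(
            f"source port pinned to {rule['src_port']}: clients use a random "
            f"source port, so almost no connection will match")
    if rule["dst_port"] == ANY:
        problems.append(
            "destination port is any: limit an inbound allow to the service port")
    if rule["dst_addr"] == ANY:
        problems.append(
            "destination address is any: limit the rule to the address that "
            "receives the forward")
    return problems


if __name__ == "__main__":
    for name, rule in (("wrong", WRONG_RULE), ("right", RIGHT_RULE)):
        print(name, "admits", fraction_admitted(rule), "of client connections;",
              "lint:", lint_inbound_rule(rule) or "ok")
```

Running the block prints that the pinned-source-port rule admits 0.0 of the simulated connections and the corrected rule admits 1.0; the linter flags only the former. The matcher deliberately ignores NAT: it only models the filter decision, which is the part the thread is about.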