Re: [LUG] pfSense


On Wed, 7 Jul 2010, Martin Gautier wrote:

> Anyone out there with pfSense experience? I'm good at IPCop but I'm
> having trouble getting inbound data on a red/green/orange config on a
> pfSense box. An old IPCop box has broken and I've replaced it with a
> natty little box with pfSense pre-installed - same cabling etc, just a
> different box.
>
> My set up is
>
> internet -> router (DMZ pass-through and firewall disabled) [10.0.0.1]
> -> [10.0.0.2] "red" port on pfsense
> web server [192.168.2.2] -> [192.168.2.1] "orange" port on pfsense.
> LAN [192.168.1.0] -> [192.168.1.1] "green" port on pfsense.
>
> Outbound on green and orange works fine. The pfsense webgui can be seen
> from green and orange but not when connected to one of the router ports
> (ie. 10.0.0.10 trying to get in via "red").
>
> With various fiddling it seems that the router is happily squirting
> packets out of 10.0.0.1 but they're either not arriving at 10.0.0.2
> (unlikely, single cable, fully tested) or they are arriving at 10.0.0.2
> and the pfsense box is throwing them away for some reason.
>
> I "think" my pfsense NAT and firewall settings are correct but there's
> obviously something wrong somewhere....

I'm wondering why you don't just put a generic Linux distro on your firewall box (the one you're running pfSense on) and write your own iptables script. What you're trying to achieve is only a few dozen lines of iptables instructions - you can maintain it quicker without the overhead of using a GUI.

You also have one extra level of NAT involved - I'd enable DMZ pass-through on the router or some sort of bridging mode and have your external IP address appear directly on your Linux box. If your firewall box has 3 Ethernet ports, then it's working in a way very similar to my own setup.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
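For reference, here is the sort of "few dozen lines of iptables" Gordon is describing, written for the red/green/orange layout in Martin's diagram. This is an added example, not Gordon's own script and not anything from pfSense or IPCop. The addresses come from the diagram; the interface names (eth0/eth1/eth2), the SSH management port, the web ports and the DRY_RUN/run helper are assumptions made for the example. It default-denies INPUT and FORWARD, drops spoofed private sources on red, lets green reach everything, lets orange reach only the internet (never green), port-forwards web traffic from red to the DMZ host, and keeps every firewall service unreachable from red. Note the one ordering detail that commonly bites on inbound forwards: the FORWARD rule must match the DMZ host's address, not the red address, because PREROUTING has already rewritten the destination by the time FORWARD sees the packet.

```shell
#!/bin/sh
# Three-interface (red/green/orange) firewall in plain iptables.
# Added example for the thread, not the list author's code. Interface
# names, SSH port, web ports and the DRY_RUN helper are assumptions;
# addresses follow the diagram in Martin's message.
RED=eth0          # 10.0.0.2, upstream router at 10.0.0.1 (assumed name)
GREEN=eth1        # 192.168.1.1, LAN (assumed name)
ORANGE=eth2       # 192.168.2.1, DMZ (assumed name)
GREEN_NET=192.168.1.0/24
ORANGE_NET=192.168.2.0/24
WEB=192.168.2.2   # DMZ web server
WEB_PORTS=80,443  # assumed: ports published to the internet

# DRY_RUN=1 prints each command instead of executing it (assumed helper),
# so the rule set can be reviewed without root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

fw_rules() {
    run sysctl -q -w net.ipv4.ip_forward=1

    # Flush and default-deny; traffic originating on the firewall stays open.
    run iptables -F
    run iptables -t nat -F
    run iptables -X
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Anti-spoofing: internal source addresses must never arrive on red,
    # and each internal interface may only carry its own subnet.
    run iptables -A INPUT   -i "$RED" -s "$GREEN_NET"  -j DROP
    run iptables -A INPUT   -i "$RED" -s "$ORANGE_NET" -j DROP
    run iptables -A FORWARD -i "$RED" -s "$GREEN_NET"  -j DROP
    run iptables -A FORWARD -i "$RED" -s "$ORANGE_NET" -j DROP
    run iptables -A FORWARD -i "$GREEN"  ! -s "$GREEN_NET"  -j DROP
    run iptables -A FORWARD -i "$ORANGE" ! -s "$ORANGE_NET" -j DROP

    # Traffic to the firewall itself: loopback, replies, SSH and ping from
    # green only. Nothing arriving on red reaches a firewall service, so
    # administration is deliberately impossible from the outside.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
    run iptables -A INPUT -i "$GREEN" -s "$GREEN_NET" -p tcp --dport 22 -j ACCEPT
    run iptables -A INPUT -i "$GREEN" -p icmp --icmp-type echo-request -j ACCEPT

    # Routed traffic. Green may go anywhere; orange only to the internet and
    # never into green, so a compromised DMZ host cannot pivot to the LAN.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
    run iptables -A FORWARD -i "$GREEN"  -o "$RED"    -j ACCEPT
    run iptables -A FORWARD -i "$GREEN"  -o "$ORANGE" -j ACCEPT
    run iptables -A FORWARD -i "$ORANGE" -o "$RED"    -j ACCEPT
    run iptables -A FORWARD -i "$ORANGE" -o "$GREEN"  -j DROP

    # Inbound web: DNAT in PREROUTING, then a FORWARD rule that matches the
    # post-DNAT destination (the DMZ host). FORWARD runs after PREROUTING,
    # so a rule written against the red address would never match.
    run iptables -t nat -A PREROUTING -i "$RED" -p tcp -m multiport --dports "$WEB_PORTS" \
        -j DNAT --to-destination "$WEB"
    run iptables -A FORWARD -i "$RED" -o "$ORANGE" -d "$WEB" -p tcp \
        -m multiport --dports "$WEB_PORTS" -m conntrack --ctstate NEW -j ACCEPT

    # Outbound NAT for both internal networks behind the red address.
    run iptables -t nat -A POSTROUTING -o "$RED" -s "$GREEN_NET"  -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$RED" -s "$ORANGE_NET" -j MASQUERADE

    # Log what falls through to the default policy, rate-limited so a scan
    # cannot fill the disk.
    run iptables -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
}

# Count generated rules matching a pattern, without touching the kernel.
count_rules() {  # usage: count_rules PATTERN
    ( DRY_RUN=1; fw_rules ) | grep -c -- "$1"
}

case "${1:-}" in
    apply) fw_rules ;;              # as root, on the firewall box
    show)  DRY_RUN=1 fw_rules ;;    # print the rule set for review
esac
```

Run it as `sh firewall.sh show` to read the generated rules, and `sh firewall.sh apply` as root to load them. Before applying, `count_rules` is a quick way to check properties of the rule set from a shell, for example that exactly one rule accepts new connections arriving on red and that no INPUT rule accepts anything from red.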