Netgate Discussion Forum

Outbound PPTP failing after advanced configuration

NAT
    darrendavid
    last edited by May 19, 2006, 8:27 PM

    hey all-

    So on a totally green out-of-the-box embedded pfSense BETA4 install, I had no issues connecting to a remote PPTP server from a Windows XP machine on my LAN. After setting up several virtual IPs, inbound port forwarding and traffic queues, I'm no longer able to connect to the same PPTP server. Below is my rules.debug; I'm wondering if there's anything out of the ordinary that might be blocking outbound VPN connections?

    thanks, as always.

    # System Aliases

    loopback = "{ lo0 }"
    lan = "{ sis0  }"
    wan = "{ sis1  ng0 }"
    OPT1 = "{ sis2 }"

    # User Aliases

    set loginterface sis1
    set loginterface sis0
    set loginterface sis2
    set optimization normal

    scrub on sis1 all random-id
    altq on sis1 hfsc bandwidth 750Kb queue { qwanRoot }
    altq on sis0 hfsc bandwidth 6000Kb queue { qlanRoot }

    queue qwanRoot bandwidth 750Kb priority 0 hfsc { qwandef, qwanacks, qP2PUp, qHTTPUp }
    queue qlanRoot bandwidth 6000Kb priority 0 hfsc { qlandef, qlanacks, qP2PDown, qHTTPDown }
    queue qwandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
    queue qlandef bandwidth 1% priority 3 qlimit 500 hfsc (  default realtime 1% )
    queue qwanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
    queue qlanacks bandwidth 1% priority 7 hfsc (  realtime 10% )
    queue qP2PUp bandwidth 1% priority 0 qlimit 500 hfsc (  red ecn realtime 1Kb )
    queue qP2PDown bandwidth 1% priority 0 qlimit 500 hfsc (  red ecn realtime 1Kb )
    queue qHTTPDown bandwidth 512Kb priority 2 hfsc (  red ecn )
    queue qHTTPUp bandwidth 512Kb priority 2 hfsc (  red ecn upperlimit 512Kb )

    # UPnPd rdr anchor

    rdr-anchor "upnpd/*"
    nat-anchor "pftpx/*"
    nat-anchor "natearly/*"
    nat-anchor "natrules/*"

    # FTP proxy

    rdr-anchor "pftpx/*"
    nat on $wan from 10.0.1.0/24 port 500 to any port 500 -> (sis1) port 500
    nat on $wan from 10.0.1.0/24 to any -> (sis1)
    nat on $wan from 10.0.2.0/24 to any -> (sis1)
    # SSH Lockout Table
    table <sshlockout> persist

    # Load balancing anchor - slbd updates

    rdr-anchor "slb"

    # FTP Proxy/helper

    rdr on $lan proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    rdr on $OPT1 proto tcp from any to any port 21 -> 127.0.0.1 port 8022

    # NAT Inbound Redirects

    rdr on sis1 proto { tcp udp } from any to 111.222.333.444/32 port { 53 } -> 10.0.1.10 port 53

    # Reflection redirects

    rdr on $lan proto { tcp udp } from any to 111.222.333.444/32 port { 53 } -> 127.0.0.1 port 19000
    rdr on $OPT1 proto { tcp udp } from any to 111.222.333.444/32 port { 53 } -> 127.0.0.1 port 19001

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port { 8001 } -> 10.0.1.10 port 8001

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 8001 } -> 127.0.0.1 port 19002
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 8001 } -> 127.0.0.1 port 19003

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port { 22 } -> 10.0.1.10 port 22

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 22 } -> 127.0.0.1 port 19004
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 22 } -> 127.0.0.1 port 19005

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port { 25 } -> 10.0.1.10 port 25

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 25 } -> 127.0.0.1 port 19006
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 25 } -> 127.0.0.1 port 19007

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port { 993 } -> 10.0.1.10 port 993

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 993 } -> 127.0.0.1 port 19008
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 993 } -> 127.0.0.1 port 19009

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port { 995 } -> 10.0.1.10 port 995

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 995 } -> 127.0.0.1 port 19010
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 995 } -> 127.0.0.1 port 19011

    rdr on sis1 proto tcp from any to 111.222.333.444/32 port 49160:49300 -> 10.0.1.10 port 49160:*

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49160 } -> 127.0.0.1 port 19012
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49161 } -> 127.0.0.1 port 19013
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49162 } -> 127.0.0.1 port 19014
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49163 } -> 127.0.0.1 port 19015
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49164 } -> 127.0.0.1 port 19016
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49165 } -> 127.0.0.1 port 19017
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49166 } -> 127.0.0.1 port 19018
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49167 } -> 127.0.0.1 port 19019
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49168 } -> 127.0.0.1 port 19020
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49169 } -> 127.0.0.1 port 19021
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49170 } -> 127.0.0.1 port 19022
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49171 } -> 127.0.0.1 port 19023
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49172 } -> 127.0.0.1 port 19024
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49173 } -> 127.0.0.1 port 19025
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49174 } -> 127.0.0.1 port 19026
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49175 } -> 127.0.0.1 port 19027
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49176 } -> 127.0.0.1 port 19028
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49177 } -> 127.0.0.1 port 19029
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49178 } -> 127.0.0.1 port 19030
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49179 } -> 127.0.0.1 port 19031
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49180 } -> 127.0.0.1 port 19032
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49181 } -> 127.0.0.1 port 19033
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49182 } -> 127.0.0.1 port 19034
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49183 } -> 127.0.0.1 port 19035
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49184 } -> 127.0.0.1 port 19036
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49185 } -> 127.0.0.1 port 19037
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49186 } -> 127.0.0.1 port 19038
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49187 } -> 127.0.0.1 port 19039
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49188 } -> 127.0.0.1 port 19040
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49189 } -> 127.0.0.1 port 19041
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49190 } -> 127.0.0.1 port 19042
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49191 } -> 127.0.0.1 port 19043
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49192 } -> 127.0.0.1 port 19044
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49193 } -> 127.0.0.1 port 19045
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49194 } -> 127.0.0.1 port 19046
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49195 } -> 127.0.0.1 port 19047
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49196 } -> 127.0.0.1 port 19048
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49197 } -> 127.0.0.1 port 19049
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49198 } -> 127.0.0.1 port 19050
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49199 } -> 127.0.0.1 port 19051
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49200 } -> 127.0.0.1 port 19052
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49201 } -> 127.0.0.1 port 19053
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49202 } -> 127.0.0.1 port 19054
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49203 } -> 127.0.0.1 port 19055
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49204 } -> 127.0.0.1 port 19056
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49205 } -> 127.0.0.1 port 19057
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49206 } -> 127.0.0.1 port 19058
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49207 } -> 127.0.0.1 port 19059
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49208 } -> 127.0.0.1 port 19060
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49209 } -> 127.0.0.1 port 19061
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49210 } -> 127.0.0.1 port 19062
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49211 } -> 127.0.0.1 port 19063
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49212 } -> 127.0.0.1 port 19064
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49213 } -> 127.0.0.1 port 19065
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49214 } -> 127.0.0.1 port 19066
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49215 } -> 127.0.0.1 port 19067
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49216 } -> 127.0.0.1 port 19068
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49217 } -> 127.0.0.1 port 19069
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49218 } -> 127.0.0.1 port 19070
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49219 } -> 127.0.0.1 port 19071
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49220 } -> 127.0.0.1 port 19072
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49221 } -> 127.0.0.1 port 19073
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49222 } -> 127.0.0.1 port 19074
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49223 } -> 127.0.0.1 port 19075
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49224 } -> 127.0.0.1 port 19076
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49225 } -> 127.0.0.1 port 19077
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49226 } -> 127.0.0.1 port 19078
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49227 } -> 127.0.0.1 port 19079
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49228 } -> 127.0.0.1 port 19080
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49229 } -> 127.0.0.1 port 19081
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49230 } -> 127.0.0.1 port 19082
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49231 } -> 127.0.0.1 port 19083
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49232 } -> 127.0.0.1 port 19084
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49233 } -> 127.0.0.1 port 19085
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49234 } -> 127.0.0.1 port 19086
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49235 } -> 127.0.0.1 port 19087
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49236 } -> 127.0.0.1 port 19088
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49237 } -> 127.0.0.1 port 19089
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49238 } -> 127.0.0.1 port 19090
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49239 } -> 127.0.0.1 port 19091
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49240 } -> 127.0.0.1 port 19092
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49241 } -> 127.0.0.1 port 19093
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49242 } -> 127.0.0.1 port 19094
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49243 } -> 127.0.0.1 port 19095
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49244 } -> 127.0.0.1 port 19096
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49245 } -> 127.0.0.1 port 19097
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49246 } -> 127.0.0.1 port 19098
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49247 } -> 127.0.0.1 port 19099
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49248 } -> 127.0.0.1 port 19100
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49249 } -> 127.0.0.1 port 19101
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49250 } -> 127.0.0.1 port 19102
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49251 } -> 127.0.0.1 port 19103
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49252 } -> 127.0.0.1 port 19104
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49253 } -> 127.0.0.1 port 19105
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49254 } -> 127.0.0.1 port 19106
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49255 } -> 127.0.0.1 port 19107
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49256 } -> 127.0.0.1 port 19108
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49257 } -> 127.0.0.1 port 19109
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49258 } -> 127.0.0.1 port 19110
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49259 } -> 127.0.0.1 port 19111
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49260 } -> 127.0.0.1 port 19112
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49261 } -> 127.0.0.1 port 19113
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49262 } -> 127.0.0.1 port 19114
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49263 } -> 127.0.0.1 port 19115
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49264 } -> 127.0.0.1 port 19116
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49265 } -> 127.0.0.1 port 19117
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49266 } -> 127.0.0.1 port 19118
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49267 } -> 127.0.0.1 port 19119
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49268 } -> 127.0.0.1 port 19120
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49269 } -> 127.0.0.1 port 19121
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49270 } -> 127.0.0.1 port 19122
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49271 } -> 127.0.0.1 port 19123
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49272 } -> 127.0.0.1 port 19124
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49273 } -> 127.0.0.1 port 19125
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49274 } -> 127.0.0.1 port 19126
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49275 } -> 127.0.0.1 port 19127
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49276 } -> 127.0.0.1 port 19128
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49277 } -> 127.0.0.1 port 19129
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49278 } -> 127.0.0.1 port 19130
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49279 } -> 127.0.0.1 port 19131
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49280 } -> 127.0.0.1 port 19132
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49281 } -> 127.0.0.1 port 19133
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49282 } -> 127.0.0.1 port 19134
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49283 } -> 127.0.0.1 port 19135
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49284 } -> 127.0.0.1 port 19136
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49285 } -> 127.0.0.1 port 19137
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49286 } -> 127.0.0.1 port 19138
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49287 } -> 127.0.0.1 port 19139
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49288 } -> 127.0.0.1 port 19140
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49289 } -> 127.0.0.1 port 19141
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49290 } -> 127.0.0.1 port 19142
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49291 } -> 127.0.0.1 port 19143
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49292 } -> 127.0.0.1 port 19144
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49293 } -> 127.0.0.1 port 19145
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49294 } -> 127.0.0.1 port 19146
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49295 } -> 127.0.0.1 port 19147
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49296 } -> 127.0.0.1 port 19148
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49297 } -> 127.0.0.1 port 19149
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49298 } -> 127.0.0.1 port 19150
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49299 } -> 127.0.0.1 port 19151
    rdr on $lan proto tcp from any to 111.222.333.444/32 port { 49300 } -> 127.0.0.1 port 19152
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49160 } -> 127.0.0.1 port 19153
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49161 } -> 127.0.0.1 port 19154
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49162 } -> 127.0.0.1 port 19155
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49163 } -> 127.0.0.1 port 19156
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49164 } -> 127.0.0.1 port 19157
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49165 } -> 127.0.0.1 port 19158
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49166 } -> 127.0.0.1 port 19159
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49167 } -> 127.0.0.1 port 19160
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49168 } -> 127.0.0.1 port 19161
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49169 } -> 127.0.0.1 port 19162
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49170 } -> 127.0.0.1 port 19163
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49171 } -> 127.0.0.1 port 19164
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49172 } -> 127.0.0.1 port 19165
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49173 } -> 127.0.0.1 port 19166
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49174 } -> 127.0.0.1 port 19167
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49175 } -> 127.0.0.1 port 19168
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49176 } -> 127.0.0.1 port 19169
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49177 } -> 127.0.0.1 port 19170
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49178 } -> 127.0.0.1 port 19171
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49179 } -> 127.0.0.1 port 19172
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49180 } -> 127.0.0.1 port 19173
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49181 } -> 127.0.0.1 port 19174
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49182 } -> 127.0.0.1 port 19175
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49183 } -> 127.0.0.1 port 19176
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49184 } -> 127.0.0.1 port 19177
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49185 } -> 127.0.0.1 port 19178
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49186 } -> 127.0.0.1 port 19179
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49187 } -> 127.0.0.1 port 19180
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49188 } -> 127.0.0.1 port 19181
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49189 } -> 127.0.0.1 port 19182
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49190 } -> 127.0.0.1 port 19183
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49191 } -> 127.0.0.1 port 19184
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49192 } -> 127.0.0.1 port 19185
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49193 } -> 127.0.0.1 port 19186
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49194 } -> 127.0.0.1 port 19187
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49195 } -> 127.0.0.1 port 19188
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49196 } -> 127.0.0.1 port 19189
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49197 } -> 127.0.0.1 port 19190
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49198 } -> 127.0.0.1 port 19191
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49199 } -> 127.0.0.1 port 19192
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49200 } -> 127.0.0.1 port 19193
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49201 } -> 127.0.0.1 port 19194
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49202 } -> 127.0.0.1 port 19195
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49203 } -> 127.0.0.1 port 19196
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49204 } -> 127.0.0.1 port 19197
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49205 } -> 127.0.0.1 port 19198
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49206 } -> 127.0.0.1 port 19199
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49207 } -> 127.0.0.1 port 19200
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49208 } -> 127.0.0.1 port 19201
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49209 } -> 127.0.0.1 port 19202
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49210 } -> 127.0.0.1 port 19203
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49211 } -> 127.0.0.1 port 19204
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49212 } -> 127.0.0.1 port 19205
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49213 } -> 127.0.0.1 port 19206
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49214 } -> 127.0.0.1 port 19207
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49215 } -> 127.0.0.1 port 19208
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49216 } -> 127.0.0.1 port 19209
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49217 } -> 127.0.0.1 port 19210
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49218 } -> 127.0.0.1 port 19211
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49219 } -> 127.0.0.1 port 19212
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49220 } -> 127.0.0.1 port 19213
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49221 } -> 127.0.0.1 port 19214
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49222 } -> 127.0.0.1 port 19215
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49223 } -> 127.0.0.1 port 19216
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49224 } -> 127.0.0.1 port 19217
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49225 } -> 127.0.0.1 port 19218
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49226 } -> 127.0.0.1 port 19219
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49227 } -> 127.0.0.1 port 19220
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49228 } -> 127.0.0.1 port 19221
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49229 } -> 127.0.0.1 port 19222
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49230 } -> 127.0.0.1 port 19223
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49231 } -> 127.0.0.1 port 19224
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49232 } -> 127.0.0.1 port 19225
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49233 } -> 127.0.0.1 port 19226
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49234 } -> 127.0.0.1 port 19227
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49235 } -> 127.0.0.1 port 19228
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49236 } -> 127.0.0.1 port 19229
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49237 } -> 127.0.0.1 port 19230
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49238 } -> 127.0.0.1 port 19231
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49239 } -> 127.0.0.1 port 19232
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49240 } -> 127.0.0.1 port 19233
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49241 } -> 127.0.0.1 port 19234
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49242 } -> 127.0.0.1 port 19235
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49243 } -> 127.0.0.1 port 19236
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49244 } -> 127.0.0.1 port 19237
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49245 } -> 127.0.0.1 port 19238
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49246 } -> 127.0.0.1 port 19239
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49247 } -> 127.0.0.1 port 19240
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49248 } -> 127.0.0.1 port 19241
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49249 } -> 127.0.0.1 port 19242
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49250 } -> 127.0.0.1 port 19243
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49251 } -> 127.0.0.1 port 19244
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49252 } -> 127.0.0.1 port 19245
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49253 } -> 127.0.0.1 port 19246
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49254 } -> 127.0.0.1 port 19247
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49255 } -> 127.0.0.1 port 19248
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49256 } -> 127.0.0.1 port 19249
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49257 } -> 127.0.0.1 port 19250
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49258 } -> 127.0.0.1 port 19251
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49259 } -> 127.0.0.1 port 19252
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49260 } -> 127.0.0.1 port 19253
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49261 } -> 127.0.0.1 port 19254
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49262 } -> 127.0.0.1 port 19255
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49263 } -> 127.0.0.1 port 19256
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49264 } -> 127.0.0.1 port 19257
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49265 } -> 127.0.0.1 port 19258
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49266 } -> 127.0.0.1 port 19259
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49267 } -> 127.0.0.1 port 19260
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49268 } -> 127.0.0.1 port 19261
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49269 } -> 127.0.0.1 port 19262
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49270 } -> 127.0.0.1 port 19263
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49271 } -> 127.0.0.1 port 19264
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49272 } -> 127.0.0.1 port 19265
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49273 } -> 127.0.0.1 port 19266
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49274 } -> 127.0.0.1 port 19267
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49275 } -> 127.0.0.1 port 19268
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49276 } -> 127.0.0.1 port 19269
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49277 } -> 127.0.0.1 port 19270
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49278 } -> 127.0.0.1 port 19271
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49279 } -> 127.0.0.1 port 19272
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49280 } -> 127.0.0.1 port 19273
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49281 } -> 127.0.0.1 port 19274
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49282 } -> 127.0.0.1 port 19275
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49283 } -> 127.0.0.1 port 19276
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49284 } -> 127.0.0.1 port 19277
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49285 } -> 127.0.0.1 port 19278
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49286 } -> 127.0.0.1 port 19279
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49287 } -> 127.0.0.1 port 19280
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49288 } -> 127.0.0.1 port 19281
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49289 } -> 127.0.0.1 port 19282
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49290 } -> 127.0.0.1 port 19283
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49291 } -> 127.0.0.1 port 19284
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49292 } -> 127.0.0.1 port 19285
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49293 } -> 127.0.0.1 port 19286
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49294 } -> 127.0.0.1 port 19287
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49295 } -> 127.0.0.1 port 19288
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49296 } -> 127.0.0.1 port 19289
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49297 } -> 127.0.0.1 port 19290
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49298 } -> 127.0.0.1 port 19291
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49299 } -> 127.0.0.1 port 19292
    rdr on $OPT1 proto tcp from any to 111.222.333.444/32 port { 49300 } -> 127.0.0.1 port 19293

    rdr on sis1 proto tcp from any to 111.222.333.555/32 port { 80 } -> 10.0.1.2 port 80

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.555/32 port { 80 } -> 127.0.0.1 port 19294
    rdr on $OPT1 proto tcp from any to 111.222.333.555/32 port { 80 } -> 127.0.0.1 port 19295

    rdr on sis1 proto tcp from any to 111.222.333.555/32 port { 443 } -> 10.0.1.2 port 443

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.555/32 port { 443 } -> 127.0.0.1 port 19296
    rdr on $OPT1 proto tcp from any to 111.222.333.555/32 port { 443 } -> 127.0.0.1 port 19297

    rdr on sis1 proto tcp from any to 111.222.333.555/32 port { 22 } -> 10.0.1.2 port 22

    # Reflection redirects

    rdr on $lan proto tcp from any to 111.222.333.555/32 port { 22 } -> 127.0.0.1 port 19298
    rdr on $OPT1 proto tcp from any to 111.222.333.555/32 port { 22 } -> 127.0.0.1 port 19299

    block in all tag unshaped label "SHAPER: first match rule"
    pass in on  $wan proto tcp from any to 10.0.1.0/24 port 6881:6999  keep state tagged unshaped tag qP2PUp
    pass out on $lan proto tcp from any to 10.0.1.0/24 port 6881:6999 keep state tagged qP2PUp tag qP2PDown
    pass in on  $lan proto tcp from 10.0.1.0/24 to any port 6881:6999  keep state tagged unshaped tag qP2PDown
    pass out on $wan proto tcp from any to any port 6881:6999 keep state tagged qP2PDown tag qP2PUp
    pass in on  $wan proto tcp from !10.0.1.0/24 to 10.0.1.2  keep state tagged unshaped tag qHTTPUp
    pass out on $lan proto tcp from any to 10.0.1.2 keep state tagged qHTTPUp tag qHTTPDown
    pass in on  $lan proto tcp from 10.0.1.2 to !10.0.1.0/24  keep state tagged unshaped tag qHTTPDown
    pass out on $wan proto tcp from any to !10.0.1.0/24 keep state tagged qHTTPDown tag qHTTPUp

    anchor "ftpsesame/*"
    anchor "firewallrules"

    # loopback

    anchor "loopback"
    pass in quick on $loopback all label "pass loopback"
    pass out quick on $loopback all label "pass loopback"

    # package manager early specific hook

    anchor "packageearly"

    # carp

    anchor "carp"

    # enable ftp-proxy

    pass in quick on sis2 inet proto tcp from any to $loopback port 8022 keep state label "FTP PROXY: Allow traffic to localhost"
    pass in quick on sis2 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"

    anchor "ftpproxy"
    anchor "pftpx/*"
    pass in quick on sis0 inet proto tcp from any to $loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
    pass in quick on sis0 inet proto tcp from any to $loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
    pass in quick on sis1 inet proto tcp from port 20 to (sis1) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"

    # allow access to DHCP server on LAN

    anchor "dhcpserverlan"
    pass in quick on $lan proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
    pass in quick on $lan proto udp from any port = 68 to 10.0.1.1 port = 67 label "allow access to DHCP server on LAN"
    pass out quick on $lan proto udp from 10.0.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN"

    # allow access to DHCP server on opt1

    anchor "dhcpserverOPT1"
    pass in quick on $OPT1 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
    pass in quick on $OPT1 proto udp from any port = 68 to 10.0.2.1 port = 67 label "allow access to DHCP server"
    pass out quick on $OPT1 proto udp from 10.0.2.1 port = 67 to any port = 68 label "allow access to DHCP server"
    block in log quick on $wan proto udp from any port = 67 to 10.0.1.0/24 port = 68 label "allow dhcp client out wan"

    pass in quick on $wan proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"

    # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)

    antispoof for sis0
    antispoof for sis2

    # block anything from private networks on WAN interface

    anchor "spoofing"
    block in log quick on $wan from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block in log quick on $wan from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block in log quick on $wan from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block in log quick on $wan from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"

    # Support for allow limiting of TCP connections by establishment rate

    anchor "limitingesr"
    table <virusprot>
    block in quick from <virusprot> to any label "virusprot overload table"

    # block bogon networks

    # http://www.cymru.com/Documents/bogon-bn-nonagg.txt

    anchor "wanbogons"
    table <bogons> persist file "/etc/bogons"
    block in log quick on $wan from <bogons> to any label "block bogon networks from wan"

    # let out anything from the firewall host itself and decrypted IPsec traffic

    pass out quick on sis1 all keep state label "let out anything from firewall host itself"

    # pass traffic from firewall -> out

    anchor "firewallout"
    pass out quick on sis1 all keep state tagged qP2PUp queue (qP2PUp, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state tagged qHTTPUp queue (qHTTPUp, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis1 all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged qP2PDown queue (qP2PDown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state tagged qHTTPDown queue (qHTTPDown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
    pass out quick on sis2 all keep state  label "let out anything from firewall host itself"

    # let out anything from the firewall host itself and decrypted IPsec traffic

    pass out quick on sis2 all keep state label "let out anything from firewall host itself"

    # make sure the user cannot lock himself out of the webGUI or SSH

    anchor "anti-lockout"
    pass in quick from 10.0.1.0/24 to 10.0.1.1 keep state label "anti-lockout web rule"

    # SSH lockout

    block in log proto tcp from <sshlockout> to any port 22 label "sshlockout"

    # User-defined rules follow

    # Anchors for rules that might be matched by queues

    anchor qwanRoot tagged qwanRoot
    anchor qlanRoot tagged qlanRoot
    anchor qwandef tagged qwandef
    anchor qlandef tagged qlandef
    anchor qwanacks tagged qwanacks
    anchor qlanacks tagged qlanacks
    anchor qP2PUp tagged qP2PUp
    anchor qP2PDown tagged qP2PDown
    anchor qHTTPDown tagged qHTTPDown
    anchor qHTTPUp tagged qHTTPUp
    pass in quick on $wan proto { tcp udp } from any to {  10.0.1.10 } port = 53 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT "

    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port = 8001 flags S/SA keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT apache on frizzle"
    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port = 22 flags S/SA synproxy state  queue (qwandef, qwanacks)  label "USER_RULE: NAT "
    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port = 25 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT frizzle SMTP"
    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port = 993 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT frizzle IMAPS"
    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port = 995 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT frizzle POP3S"
    pass in quick on $wan proto tcp from any to {  10.0.1.10 } port 49159 >< 49301 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT frizzle torrentflux"
    pass in quick on $wan proto tcp from any to {  10.0.1.2 } port = 80 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT www HTTP"
    pass in quick on $wan proto tcp from any to {  10.0.1.2 } port = 443 keep state  queue (qwandef, qwanacks)  label "USER_RULE: NAT www HTTPS"
    pass in quick on $wan proto tcp from any to {  10.0.1.2 } port = 22 flags S/SA synproxy state  queue (qwandef, qwanacks)  label "USER_RULE: NAT www SSH"
    pass in quick on $OPT1 from 10.0.2.0/24 to  !10.0.1.0/24 keep state  label "USER_RULE"
    pass in quick on $lan from 10.0.1.0/24 to any keep state  queue (qlandef, qlanacks)  label "USER_RULE: Default LAN -> any"
    pass quick proto carp keep state
    pass quick proto pfsync

    # VPN Rules

    #---------------------------------------------------------------------------

    # default rules (just to be sure)

    #---------------------------------------------------------------------------
    block in log quick all label "Default block all just to be sure."
    block out log quick all label "Default block all just to be sure."

    • J
      jeroen234
      last edited by May 20, 2006, 6:53 AM

      On a virgin pfSense there is a LAN rule that allows all ports on the WAN to be accessed; with the traffic shaper you remove that rule.

      So now you have to open the PPTP port (1723) to the WAN.

      Allow access on interface LAN, source all, port all, destination all, port 1723.

      • D
        darrendavid
        last edited by May 20, 2006, 6:32 PM

        Hrm, no luck. I added:

        Interface: LAN
        Protocol: TCP/UDP
        Source: *
        Source Port: *
        Destination: *
        Destination Port: 1723
        State type: Keep State

        and I'm still having the same issue: outbound PPTP is failing. Anything else I can try?

        Thanks, Darren

        • D
          darrendavid
          last edited by May 20, 2006, 7:38 PM

           Ah ha! Changed the rule to GRE and we're good to go!

          cheers,
          darren
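The fix the thread arrives at, written in the same rules.debug syntax as the dump above, as an added illustration rather than text from either poster. PPTP uses a TCP control connection to port 1723 plus GRE (IP protocol 47) for the tunnel itself, so a LAN rule that passes only TCP/UDP 1723 leaves the GRE half blocked once the shaper has replaced the default allow-all LAN rule. The subnet 10.0.1.0/24, the queue names and the label style come from the dump; the labels themselves are assumed.

```pf
# Added example (not from the original thread): LAN rules that let a
# PPTP client on 10.0.1.0/24 reach a remote PPTP server. They belong in
# the "User-defined rules follow" section of rules.debug, before the
# default block rules at the end.

# 1. Control channel: TCP to port 1723 on the remote server.
pass in quick on $lan proto tcp from 10.0.1.0/24 to any port = 1723 \
    flags S/SA keep state queue (qlandef, qlanacks) \
    label "USER_RULE: PPTP control (TCP 1723) LAN -> any"

# 2. Tunnel carrier: GRE (IP protocol 47). This is the rule the thread
#    was missing; a TCP/UDP 1723 rule never matches GRE packets.
#    keep state lets pf match the returning GRE packets to this state.
pass in quick on $lan proto gre from 10.0.1.0/24 to any \
    keep state queue (qlandef, qlanacks) \
    label "USER_RULE: PPTP data (GRE) LAN -> any"
```

pf tracks GRE state by address pair only, not by PPTP call ID, so two LAN clients talking to the same remote PPTP server through one NAT address at the same time may still collide.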

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.