2.0-RC NAT Port Forward LAGG interfaces.
-
This is my problem at hand. I'm trying to forward FTP and HTTP to a machine behind my firewall. I've set up the NAT port-forward rules using linked rules. Whenever I try to hit FTP or HTTP I see the connection in the log being denied. When I hit the red button with a white X, I see the following message on the denied connection.
The rule that triggered this action is:
@1 scrub in on lagg0 all fragment reassemble
@1 block drop in log all label "Default deny rule"
I'm going to attach a png with my rules for the FTP port forward.
-
Can you please show us the firewall rules on top of your NAT firewall rule?
Firewall rules are processed from top to bottom. Perhaps there is a rule before this rule which blocks FTP transfer.
-
If that was the case it wouldn't say that it was getting dropped by the default rule. When I look at pfctl -s nat I don't see any rules, and even if I do a pfctl -sr, nothing shows rules allowing traffic to 10.50.1.20.
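A check that makes the `pfctl -s nat` / `pfctl -sr` comparison from the post above mechanical, added here as an illustration (not code from the thread or from pfSense): it parses text in the shape of those two outputs and lists every rdr rule that has no inbound pass rule to the translated destination on the same interface, which is exactly the traffic that ends up in the "Default deny rule" log line. The sample rule text, the service table and the missing HTTP pass rule are constructed for the example; 10.50.1.20 is the host named in the thread.

```python
"""Cross-check pf rdr (port-forward) rules against the inbound pass rules that
must accompany them. pf evaluates filter rules against the *translated*
destination, so a forward to 10.50.1.20:80 needs a pass rule to 10.50.1.20:80,
not to the WAN address. Example code, not part of pfSense or the thread."""

import re
from typing import Dict, List, Optional, Tuple

# Minimal service-name table so the check works offline without /etc/services.
SERVICES: Dict[str, int] = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}

# Constructed sample in the shape of `pfctl -s nat` output (assumption: not
# captured from the poster's firewall).
SAMPLE_NAT = """\
nat on em0 inet from 10.50.1.0/24 to any -> (em0) port 1024:65535
rdr on lagg0 inet proto tcp from any to (lagg0) port = ftp -> 10.50.1.20
rdr on lagg0 inet proto tcp from any to (lagg0) port = http -> 10.50.1.20
"""

# Constructed sample in the shape of `pfctl -sr` output. pfSense user rules
# carry `quick`, so a later pass rule overrides the earlier default deny; here
# only the FTP forward has one, so HTTP falls through to the default deny.
SAMPLE_FILTER = """\
scrub in on lagg0 all fragment reassemble
block drop in log all label "Default deny rule"
pass in quick on lagg0 inet proto tcp from any to 10.50.1.20 port = ftp flags S/SA keep state label "NAT FTP"
"""

RDR_RE = re.compile(
    r"^rdr\s+(?:pass\s+)?on\s+(\S+).*?\bport\s*=?\s*(\S+)\s+->\s+(\S+)"
    r"(?:\s+port\s*=?\s*(\S+))?"
)
PASS_RE = re.compile(r"^pass\s+in\b.*?\bon\s+(\S+).*?\bto\s+(\S+)\s+port\s*=?\s*(\S+)")
DEFAULT_DENY_RE = re.compile(r'^block\s+drop\s+in\s+log\s+all\s+label\s+"Default deny rule"')

Forward = Tuple[str, str, int]  # (interface, internal destination, internal port)


def port_number(token: str) -> int:
    """Resolve a service name ('ftp') or numeric string ('21') to a port number."""
    if token.isdigit():
        return int(token)
    if token not in SERVICES:
        raise ValueError(f"unknown service name: {token}")
    return SERVICES[token]


def parse_forwards(nat_text: str) -> List[Forward]:
    """Extract (iface, target, port) from each rdr line; the internal port
    defaults to the external one when the rule does not rewrite it."""
    forwards: List[Forward] = []
    for line in nat_text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            iface, ext_port, target, int_port = m.groups()
            forwards.append((iface, target, port_number(int_port or ext_port)))
    return forwards


def parse_passes(filter_text: str) -> List[Forward]:
    """Extract (iface, destination, port) from each inbound pass rule."""
    passes: List[Forward] = []
    for line in filter_text.splitlines():
        m = PASS_RE.match(line.strip())
        if m:
            iface, dest, port = m.groups()
            passes.append((iface, dest, port_number(port)))
    return passes


def forwards_without_pass(nat_text: str, filter_text: str) -> List[Forward]:
    """Port forwards with no matching inbound pass rule on the same interface,
    i.e. connections that are redirected and then hit the default deny."""
    allowed = set(parse_passes(filter_text))
    return [fw for fw in parse_forwards(nat_text) if fw not in allowed]


def has_default_deny(filter_text: str) -> bool:
    """True when the ruleset still contains the catch-all block rule."""
    return any(DEFAULT_DENY_RE.match(l.strip()) for l in filter_text.splitlines())


if __name__ == "__main__":
    for iface, target, port in forwards_without_pass(SAMPLE_NAT, SAMPLE_FILTER):
        print(f"rdr to {target}:{port} on {iface} has no inbound pass rule")
```

On a live box the two sample strings would be replaced by the real `pfctl -s nat` and `pfctl -sr` output; an empty rdr list confirms the poster's observation that the forwards never loaded, while a non-empty result from `forwards_without_pass` points at a forward whose linked filter rule is missing.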
-
Guessing you're on a snapshot where check_reload_status isn't working right (some day(s) last week), upgrade to the latest if that's the case.
-
I'll give that a try.