• Hi all, and excuse my limited English.
    Sorry for cross-posting, but I can't find answers in the Italian section.

    This is the situation:
    pfsense 2.0.1
    WAN: no problem here
    LAN: static, only standard rules in the firewall (anti-lockout and LAN to any), no problem here, I can go to WAN and OPT.
    OPT1: static, I need to allow this net to go to the local LAN, to some hosts only.

    Firewall rules for OPT1:
    Block TCP/UDP OPT1 Net port 135
    Block TCP/UDP OPT1 Net port 137-139
    Block TCP/UDP OPT1 Net port 445
    Pass * OPT1 Net * LAN net * (this passes 192.168.1.x to my LAN no matter the port, am I right?)

    Actually pfSense isn't my gateway, so I had to add a static route on my PC (Win XP) on the LAN interface:
    add route mask
    And I can see the OPT1 net.

    I'm doing the same thing on a client in the OPT1 net (Win XP, just for the hosts I need):
    add route mask
    add route mask
    add route mask
    add route mask

    I can ping and get answers from (my PC on the LAN interface).
    I can't get any answer from on the LAN interface (CentOS server).
    On I have Samba listening, allowed hosts and
    On I have HTTP, but I haven't checked ports/addresses.
    On I haven't tested services yet.

    Maybe there's something about NAT to configure?

    Thanks in advance.

  Thoughts
    Add routes to the gw or the returning TCP traffic won't know which way to return, and it has to come back the same way.
    Traceroute from PC and pfSense to each other, note the return route via gw.
    You might be able to ping, but telnet x.x.x.x xx won't work.
    Route the whole subnet, and control the hosts with firewall rules. Mask mismatched?
    add route mask

    No NAT between OPT1 and LAN

• Thanks, but I've already done that.
    From traceroute:
    1 1ms 1ms 1ms (pfsense)
    2 * * * * no route to host

    Opened ICMP, same result:

    1 1ms 1ms 1ms (pfsense)
    2 1 ms

    I can see nothing in the firewall rules log!

    I think I have to do something on the servers.

    Edit: it seems that Windows asks something on ports 139 and 445 to establish connections using Samba, so my first rules break it.

• So try routing the whole subnet first, to try to get it working.
    Delete the other 10.71.9.xxx routes.
    add route net mask gw (or whatever syntax your OS uses).

    Check the server gw; if it is not then 'add route net mask gw', although it should be the default gw.

    If that doesn't work, try opening up the firewall by disabling the OPT1 port rules. Although, with nothing in the firewall logs, I still think you have a routing issue.

• isn't the default gateway on the LAN, it doesn't need to be.

    Partially solved.

    Added a static route from the servers to the OPT1 net, and now I can ping/trace from the servers to the client and vice versa.

    Now let me see if I can connect.
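The routing issue the thread works through (the "Thoughts" reply and the final fix of adding a static route on the servers) can be reproduced with a small longest-prefix-match simulation. The script below is an added example, not code from the thread or from pfSense; the addresses (10.71.9.0/24 as the LAN, 192.168.1.0/24 as OPT1, 10.71.9.254 as pfSense's LAN address, 10.71.9.1 as the LAN's real default gateway, and the client and server hosts) are constructed for illustration, since the thread only mentions the 192.168.1.x and 10.71.9.xxx prefixes. It shows that the CentOS server, holding only its default route, hands the reply for the OPT1 client to the LAN gateway rather than back to pfSense, and that a route for the whole OPT1 subnet via pfSense makes the path symmetric. It also goes slightly beyond the thread by checking the per-host-route approach against the whole-subnet approach on the client side.

```python
import ipaddress

IP = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Constructed topology (assumed for illustration; the thread gives only the
# 192.168.1.x and 10.71.9.xxx prefixes, none of these exact addresses).
LAN_NET = Net("10.71.9.0/24")
OPT1_NET = Net("192.168.1.0/24")
PFSENSE_LAN = IP("10.71.9.254")    # assumed pfSense address on the LAN side
LAN_DEFAULT_GW = IP("10.71.9.1")   # assumed LAN default gateway, which is NOT pfSense
CLIENT = IP("192.168.1.50")        # assumed Windows client on OPT1
SERVER = IP("10.71.9.10")          # assumed CentOS server on the LAN
DEFAULT = Net("0.0.0.0/0")


def lookup(table, dst):
    """Longest-prefix match over a table of (network, gateway) entries.

    A gateway of None means the destination is directly connected.
    Returns the winning (network, gateway) pair, or None if nothing matches.
    """
    best = None
    for net, gw in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


def next_hop(table, dst):
    """Address the host sends the packet to: the gateway, or dst itself if on-link."""
    match = lookup(table, dst)
    if match is None:
        return None
    net, gw = match
    return dst if gw is None else gw


def reply_returns_via_pfsense(server_table):
    """True when the server's reply to the OPT1 client goes back through pfSense.

    If this is False the reply leaves via another gateway: the forward path and
    the return path differ, so TCP sessions never complete even though the
    firewall logs show nothing blocked.
    """
    return next_hop(server_table, CLIENT) == PFSENSE_LAN


def hosts_reachable(client_table, hosts):
    """Which LAN hosts the client's routing table actually covers."""
    return {h: next_hop(client_table, h) is not None for h in hosts}


# CentOS server before the fix: only its own LAN and a default route.
server_no_route = [(LAN_NET, None), (DEFAULT, LAN_DEFAULT_GW)]

# Same server after "add route" for the whole OPT1 subnet via pfSense.
server_with_route = server_no_route + [(OPT1_NET, PFSENSE_LAN)]

# Client on OPT1 with one /32 route per LAN host (the thread's first approach),
# compared with a single route for the whole LAN subnet.
PFSENSE_OPT1 = IP("192.168.1.1")   # assumed pfSense address on the OPT1 side
OTHER_SERVER = IP("10.71.9.11")    # a LAN host the per-host routes forgot
client_per_host = [(OPT1_NET, None), (Net("10.71.9.10/32"), PFSENSE_OPT1)]
client_whole_subnet = [(OPT1_NET, None), (LAN_NET, PFSENSE_OPT1)]

if __name__ == "__main__":
    print("server reply next hop (no route):  ", next_hop(server_no_route, CLIENT))
    print("server reply next hop (with route):", next_hop(server_with_route, CLIENT))
    print("per-host routes cover:", hosts_reachable(client_per_host, [SERVER, OTHER_SERVER]))
    print("subnet route covers:  ", hosts_reachable(client_whole_subnet, [SERVER, OTHER_SERVER]))
```

Run it as-is to see the asymmetric return path; the first two lines of output differ only in the server's routing table, which is exactly the change that made the thread's ping and traceroute work in both directions.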