I'm missing something simple. Can't access my computers from WAN side.



  • Running pfsense 1.2RC3 embedded on Dell PowerEdge 750 server
    2WAN, 1 LAN setup but that is irrelevant I think, because I haven't set up load balancing or failover yet.

    Computers on the LAN side can access each other and "the outside" no problem. LAN side has one keepstate firewall rule that lets everything out.

    Here is my setup.

    My DSL modem/router is 67.204.29.25. It is pingable from the internet. It has NAT and firewalling turned off so it should not be a factor (I think).

    My pfSense box is 67.204.29.26 (on the OPT1 interface because I have another DSL connection on WAN, but it is a single IP NATed setup for outgoing connections only at this point).

    My problem: I cannot ping or access the admin site for my pfSense box from the internet.

    • I DO have a logged keepstate firewall rule on my OPT1 interface allowing ICMP from any to any.

    • I DO have a logged keepstate firewall rule on my OPT1 interface allowing TCP 443 from any to any.

    • The system log DOES show ALLOWED ICMP packets from other machines on the internet when they ping 67.204.29.26 BUT no response makes it back to the source host.

    • The system LOG DOES NOT show any blocked packets.

    • An nmap port scan shows all ports as filtered and host not alive from the internet

    • If I ping from the DSL modem (67.204.29.25 to 67.204.29.25) I get replies.

    I have to be missing something simple here, but I've spent many hours trying to figure out what.

    Other stuff I've tried:

    • creating a virtual IP and creating a 1:1 NAT link from that IP to a machine on LAN side that I know is pingable, can't ping, system log shows allowed ICMP packets.
    • putting DSL modem on WAN side into passthrough/DMZ mode and pinging that IP (rule added to allow), nope.

    Help!





  • Yep, did that. Changed the admin port to 443/HTTPS for security and added firewall rules on WAN and OPT1 allowing TCP 443 from any to any.


Log in to reply