Jason Collins wrote:
> Glad to post the config -- I am assuming you want the rules and not
> the whole thing (it's rather large)? I figured out the top-to-bottom
> filtering from the documentation and from having used other firewalls,
> and in an effort to get it working, tried leaving out a deny rule
> altogether and it still wouldn't let anything through.
> Anyway, here's the rules config:
>
> <rule>
> <type>pass</type>
> <interface>lan</interface>
> <protocol>tcp</protocol>
> <source>
> <network>lan</network>
> <port>443</port>
> </source>
> <destination>
> <any/>
> <port>443</port>
> </destination>
> <descr>HTTPS Out (Allowed)</descr>
> </rule>
I snipped everything but this one to show your confusion. The source
port for traffic for most services is not the same as the destination
port. The web browser will choose a random port (I can't think w/o coffee
- don't remember the range) above 1024. The source port should be any.
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>any</port> <!-- ***note -->
</source>
<destination>
<any/>
<port>443</port>
</destination>
<descr>HTTPS Out (Allowed)</descr>
</rule>
There are some services where the source port will be the same as the
destination port. I think DNS is one of these (note: still no coffee...
someone correct me please). My suggestion would be to make the source
port "any" just to be safe.
_________________________________
James W. McKeand |
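The point made in the reply (a client's source port is an ephemeral port above 1024, so a rule that pins the source port to 443 never matches an outbound browser connection, and with no other match the firewall's implicit default deny drops it) can be checked with a small rule matcher. The example below is added here and is not code from the thread or from the m0n0wall/pfSense project; it parses the two rule fragments as posted, treats the `<port>` element the way the thread uses it (a single port, or `any`), and evaluates a constructed outbound HTTPS connection top to bottom with an implicit deny when nothing matches. The packet field names and the `browser_packet`/`ephemeral_port` helpers are assumptions made for the illustration.

```python
import random
import xml.etree.ElementTree as ET

# Constructed rule fragment modelled on the XML posted in the thread: the
# original rule, with the source port wrongly pinned to 443.
RULE_SRC_PORT_443 = """<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>443</port>
</source>
<destination>
<any/>
<port>443</port>
</destination>
<descr>HTTPS Out (Allowed)</descr>
</rule>"""

# The corrected rule from the reply: same rule, source port set to any.
RULE_SRC_PORT_ANY = RULE_SRC_PORT_443.replace(
    "<port>443</port>\n</source>", "<port>any</port>\n</source>")


def parse_endpoint(elem):
    """Return (network, port) for a <source> or <destination> element.
    network is 'any' for <any/>; port is 'any', an int, or an (lo, hi) range."""
    network = "any" if elem.find("any") is not None else elem.findtext("network")
    port_text = elem.findtext("port", default="any").strip()
    if port_text == "any":
        port = "any"
    elif "-" in port_text:                      # range form, e.g. 1024-65535
        lo, hi = port_text.split("-", 1)
        port = (int(lo), int(hi))
    else:
        port = int(port_text)
    return network, port


def parse_rule(xml_text):
    """Parse one <rule> fragment into a plain dict (only fields the thread uses)."""
    root = ET.fromstring(xml_text)
    return {
        "type": root.findtext("type"),
        "interface": root.findtext("interface"),
        "protocol": root.findtext("protocol"),
        "src": parse_endpoint(root.find("source")),
        "dst": parse_endpoint(root.find("destination")),
        "descr": root.findtext("descr", default=""),
    }


def port_matches(spec, port):
    if spec == "any":
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def network_matches(spec, network):
    return spec == "any" or spec == network


def rule_matches(rule, packet):
    """packet: dict with interface, protocol, src_net, src_port, dst_net, dst_port."""
    return (rule["interface"] == packet["interface"]
            and rule["protocol"] == packet["protocol"]
            and network_matches(rule["src"][0], packet["src_net"])
            and port_matches(rule["src"][1], packet["src_port"])
            and network_matches(rule["dst"][0], packet["dst_net"])
            and port_matches(rule["dst"][1], packet["dst_port"]))


def first_match(rules, packet):
    """Top-to-bottom evaluation: the first matching rule decides.
    No match falls through to the implicit default deny, which is why
    removing the explicit deny rule changed nothing for the poster."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["type"]
    return "block"


def ephemeral_port(rng=random):
    """Constructed stand-in for the browser's randomly chosen source port (>1024)."""
    return rng.randint(1024, 65535)


def browser_packet(src_port):
    """A constructed outbound HTTPS connection from a LAN host to some Internet host."""
    return {"interface": "lan", "protocol": "tcp", "src_net": "lan",
            "src_port": src_port, "dst_net": "internet", "dst_port": 443}


if __name__ == "__main__":
    pkt = browser_packet(ephemeral_port())
    for label, xml in (("source port 443", RULE_SRC_PORT_443),
                       ("source port any", RULE_SRC_PORT_ANY)):
        print(f"sport {pkt['src_port']:5d} against rule with {label}: "
              f"{first_match([parse_rule(xml)], pkt)}")
```

Running it shows the pinned rule returning `block` for every ephemeral source port and `pass` only for the unrealistic case where the browser happens to use source port 443, while the corrected rule passes the connection regardless of source port.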