Chris Buechler wrote:
> On 6/14/06, Matchstick <matchstick at oofg dot com> wrote:
>>
>> I've set up a rule on the WAN interface to allow access to the WebGUI on
>> the static WAN IP address from a specific static IP address.
>> However when I try to make the connection it times out. The relevant
>> entries in the firewall log are:
>>
>
> Which rule is actually blocking it?
> http://doc.m0n0.ch/handbook/troubleshooting-firewall-rules.html
>
> The way you described how you have it setup seems correct.
>
> -Chris
>

Chris, the raw filter log entries are:

Jun 14 15:25:49 firewall ipmon[85]: 15:25:48.678783 sis1 @200:1 p <external IP>,3490 -> <WAN IP>,443 PR tcp len 20 48 -S K-S IN
Jun 14 15:25:49 firewall ipmon[85]: 15:25:48.678913 sis0 @0:9 b <external IP>,3490 -> <WAN IP>,443 PR tcp len 20 48 -S IN
Jun 14 15:25:52 firewall ipmon[85]: 15:25:51.676017 sis0 @0:9 b <external IP>,3490 -> <WAN IP>,443 PR tcp len 20 48 -S IN
Jun 14 15:25:58 firewall ipmon[85]: 15:25:57.713710 sis0 @0:9 b <external IP>,3490 -> <WAN IP>,443 PR tcp len 20 48 -S IN

Which point to the ipfstat rules

200@1 @1 pass in log first quick proto tcp from <external IP>/32 to <WAN IP>/32 port = 443 keep state group 200
0@9 @9 block in log quick on sis0 from !<LAN SUBNET>/24 to any

I personally can't see anything wrong with the first rule but I can't see any reason at all that packets sent via the WAN interface to the WAN IP address would ever interact with the LAN interface rules.

Any ideas?

Thanks

Paul Browning
matchstick at oofg dot com
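The correlation done by hand in the message above (ipmon's `@group:rule` field matched to the `group@rule` labels in the ipfstat listing) can be scripted. This is an added example, not part of the original post: the function names are hypothetical, and the sample lines are the post's log entries with documentation addresses substituted for the redacted `<external IP>` and `<WAN IP>`.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines from the post, with documentation
# addresses standing in for the redacted <external IP> and <WAN IP>.
SAMPLE = """\
Jun 14 15:25:49 firewall ipmon[85]: 15:25:48.678783 sis1 @200:1 p 192.0.2.10,3490 -> 198.51.100.5,443 PR tcp len 20 48 -S K-S IN
Jun 14 15:25:49 firewall ipmon[85]: 15:25:48.678913 sis0 @0:9 b 192.0.2.10,3490 -> 198.51.100.5,443 PR tcp len 20 48 -S IN
Jun 14 15:25:52 firewall ipmon[85]: 15:25:51.676017 sis0 @0:9 b 192.0.2.10,3490 -> 198.51.100.5,443 PR tcp len 20 48 -S IN
Jun 14 15:25:58 firewall ipmon[85]: 15:25:57.713710 sis0 @0:9 b 192.0.2.10,3490 -> 198.51.100.5,443 PR tcp len 20 48 -S IN
"""

# Fields: packet time, interface, @group:rule, action (p = passed, b = blocked),
# source and destination address,port pairs, then the protocol.
LINE = re.compile(
    r"ipmon\[\d+\]: (?P<time>[\d:.]+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+)"
)

def parse(text):
    """Return one dict per ipmon line that matches LINE."""
    return [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]

def verdicts_by_flow(events):
    """Map each flow to {(iface, action, 'group@rule'): hit count}."""
    flows = defaultdict(lambda: defaultdict(int))
    for e in events:
        flow = (e["proto"], e["src"], e["sport"], e["dst"], e["dport"])
        flows[flow][(e["iface"], e["action"], f'{e["group"]}@{e["rule"]}')] += 1
    return flows

def conflicting_flows(events):
    """Flows that one rule passed ('p') and another rule blocked ('b')."""
    out = {}
    for flow, hits in verdicts_by_flow(events).items():
        actions = {action for _, action, _ in hits}
        if {"p", "b"} <= actions:
            out[flow] = dict(hits)
    return out

if __name__ == "__main__":
    for flow, hits in conflicting_flows(parse(SAMPLE)).items():
        print(" ".join(flow))
        for (iface, action, rule), n in sorted(hits.items()):
            print(f"  {iface:5} {action} rule {rule:6} x{n}")
```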