The folks over at http://blog.gmane.org/gmane.comp.security.firewalls.pfsense.general are real quick to respond to issues like this. I would give them a shot. On Thu, Feb 20, 2014 at 11:21 AM, Ryan Coleman <ryanjcole at me.com> wrote: > I know some of us use pfSense here and I've only used it for single-IP > functions and for auto-sensing internet paths if a site doesn't have a > static address at the time of programming. > > I'm moving away from single server design on my ESXi box to dedicated > guests for each service but I cannot seem to get those dedicated services > through the firewall. > > I have a 29bit subnet (IPs 1 through 5). Everything is internal to the > ESXi (5.1) server. > > .1 = pfSense Firewall > .2 = OPT1 interface on pfSense > .3 = Customer VM (will port over to OPT2 after this works) > .4 = All-in-one hosted VM > .5 = Same All-in-one hosted VM > > I am going to eliminate .4 and .5 as I pull specific services out and into > VMs (I've already moved the basic part of the FTP, the entire SQL server > and LDAP to internal systems). > > But whenever I set up NAT rules on .2 it seems to be using .1's stuff. > > I will have the following pushed through: > FTP > WWW (one primary, each subserver has functioning Apache for their services) > IMAP SSL/SMTP > SSH (via pushed ports to each server) > > Any thoughts would be helpful. The biggest thing I need to get running now > is the FTP part - I cannot get it to push through nor will it register on > the firewall log that it's being blocked. > -- > Ryan > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20140220/4bf7391a/attachment.html>