What CIDR block and firewall rules for WAN Security needed?
-
@johnpoz Thanks John, I'll check settings.
I might have added a setting I shouldn't have.
-
@burlinwa If I were you, and you're just playing around in a homelab setting, and you're not too deep into the weeds with settings and stuff, I would reset to default settings and start over from scratch. It's really easy to do.
Then, when you're back up and running (should take less than 10 minutes), make lots of notes, make lots of config "saves" as you go, and figure out what you're doing.
-
@akuma1x I have considered that and will make small changes and test and put more meaningful descriptions: required, do not edit, mandatory order, and I think that will help. Thanks.
-
@burlinwa Are you familiar with making periodic (or on demand) config backups?
https://docs.netgate.com/pfsense/en/latest/backup/configuration.html
If you are playing around and experimenting, learning how the system works, this is a really easy way to "roll-back" config settings to a known working version, after you make a mess of your settings. This way, you can reload that config back into pfsense, wipe the incorrect stuff out, and be back up and running in a matter of minutes. I've used it plenty of times on my stuff too.
-
@akuma1x Yes Sir, I'll do a reset and get my backups set up again.
I'll document better and put notes on what I changed in between backups.
That way I might just revert or disable changes and see if it corrects the problem before opting for a backup configuration restore.
I'll try to avoid messing with settings at 1 am in the morning as well. 🥺
-
@burlinwa Even easier way to restore is to use the Auto Config Backup service provided by Netgate. Find it in the Services menu.
You can literally go back to before you made each change, or go all the way to a fresh install.
-
@jarhead said in What CIDR block and firewall rules for WAN Security needed?:
@burlinwa Even easier way to restore is to use the Auto Config Backup service provided by Netgate. Find it in the Services menu.
I use this myself, so I know what you're talking about. But, is this turned on by default for every installation of pfsense? Or, does the user have to initiate it by manually turning it on?
I checked the ACB instructions in the online manual, but it doesn't specify one way or the other - on or off by default.
So, yes, I would agree with you, but I would bet lots of pfsense users don't even realize that this is a built-in function on their systems.
-
@akuma1x Has to be turned on. Definitely worth turning it on!
-
@burlinwa said in What CIDR block and firewall rules for WAN Security needed?:
@jarhead I thought the wan cidr has to be set specifically for is provider
If you’re asking about the subnet mask, your ISP would give you that, either with static IP settings, or if they tell you to use DHCP then they set it. Static IPs are often smaller like a /29 or /30. We have a /25 in our data center.
-
@steveits Thank you and yes the subnet is what I was referring to.
I have to connect my WAN interface in a wonky way to wireless shared internet from my laptop currently.
Thank you for the info as it is working correctly now.
-
@jarhead I have automatic backups on and will do a manual backup each time I log in to pfsense before changes. A valuable reminder. Thank you.