Allow access from Europe

chudak

@stephenw10 said in Allow access from Europe:

@chudak said in Allow access from Europe:

You have to put them above the pfBlocker rules as I said. Otherwise pfBlocker will obviously block that traffic first.

Of cause, I forgot about the order of the rules!

@chudak said in Allow access from Europe:

Wonder if I can do this trick using the same DDNS name on different machines: iPhone, iPad etc?

If they are all behind the same public IP address then sure. And you'd only need to run the client on one of them.

Col, so I will use it on iPhone iPad all I need is to find a good DDNS iOS client.

Any clues how to test it from the US?

NogBadTheBad

@chudak my rule is for enabling ssh from the UK where I'm based so its easy to test, I just switch the two rules on when required, otherwise they are off.

NogBadTheBad

@chudak said in Allow access from Europe:

Any clues how to test it from the US?

You could sign up to a VPN provider create a connection to Germany, policy route a subnet hanging via the German VPN connection and then try and run your VPN connection to home over it.

stephenw10

@chudak said in Allow access from Europe:

Any clues how to test it from the US?

Just run it from somewhere in the US and then try to connect. You will see states and traffic on your pass rule if it's being used. It will only be used if the dyndns is being correctly updated and resolved.

chudak

@stephenw10 said in Allow access from Europe:

Install the dyndns client on your laptop, for example. Then run the update from where ever you are. Have a rule that passes traffic from that above the pfBlocker block rules.

Regarding the FW rule.

I added an alias and a new rule before pfBlockerNG in the floating section.

So far I see no traffic

stephenw10

Yes just use the hostname in an alias. By default pfSense resolves it every 300s. You can reduce that if required in Sys > Adv > Firewall but you probably don't need to. The TTL is often higher than that anyway.

chudak

@stephenw10
Did you actually do this kind of set up?

So far I don't see it's working.

Here is what I have

added DDNS "full_access"
added alias "full_access"
added a rule on WAN interface to all protocols any destination
placed the rule in the Floating above pfB rules

At this point, I assume I can access all my network resources from any network from my iPhone as long as DDNS "full_access" is my iPhone IP address

And it does not work so far :(

stephenw10

Check that the rule is still at the top of the list. pfBlocker can re-create it's rules at the top of the list depending on how you have it set.

Check the floating rule is set to quick.

Make sure pfSense can resolve 'full_access' to the correct IP address.

chudak

@stephenw10 said in Allow access from Europe:

Check that the rule is still at the top of the list. pfBlocker can re-create it's rules at the top of the list depending on how you have it set.

Check the floating rule is set to quick.

Make sure pfSense can resolve 'full_access' to the correct IP address.

I can't make it work :( and pfB keeps moving all rules on top

But found a good site to test global ping when playing with pfB
https://www.jsdelivr.com/globalping

stephenw10

Yes pfBlocker puts it's rules at the top by default. You need to change the rule handling to allow custom rules above it.

Or you can use a pass rule for the dyndns name in pfBlocker so it gets added at the top anyway.

Is pfSense resolving the host correctly?