New to firewalling
-
Hello all,
I am new to firewalling; I switched from a ClarkConnect box which set up the firewall rules for me. It sucked, caused too many problems to list. I love how this system just runs and the web interface is just the best I've seen. I have looked at every *nix based firewall on Distrowatch to no avail. I heard about this one from a review I read online. I don't know how to construct my firewall. Where should I look for info on what to block and what should be allowed? I have two WANs, one Internet, and one for a private WAN. I also have an in-house LAN that will be connected to this firewall. I want to protect the in-house LAN from the Internet WAN and private WAN. I am sorry if I am not wording this right. I do know a little about iptables but prefer the web-based interface your flavor has to offer.
Please point me in the right direction.
Thank you for your help.
Dominic Iadicicco
South Country Library
-
A diagram is always nice to have before recommending anything; that way the physical lines / hardware are shown.
http://forum.pfsense.org/index.php/topic,1630.0.html
-
Here is that diagram you asked for. I hope it makes sense.
Thanks again
Dominic Iadicicco
South Country Library
-
The private WAN/Countrywide is just a limited subnet? Can you route between your LAN and that countrywide WAN or do you need to NAT?
-
I don't need NAT for the private WAN. But I would like to protect my in-house LAN from attackers on that network, so I do need a firewall and not just a pass-through.
Dom
-
Then it's rather easy. Start with a default setup:
WAN
LAN
OPT1 (private WAN/Countrywide)
Don't use a gateway when configuring interfaces>opt1. Just enter a valid IP and subnet (if you enter a gateway there it will automatically start natting). Then add system>static routes at OPT1 for the subnets on that interface.
That's it in general. The default config allows LAN to anywhere by default and blocks incoming at WAN and OPT1.
-
Cool,
I will give it a try and ask questions as I go along. I guess I am going to learn a lot.
Thanks hoba
Dominic Iadicicco
Network Administrator
South Country Library
22 Station Road
Bellport NY 11713