Netgate Discussion Forum

    Want to know about firewall/nat rules

    Firewalling | 15 Posts | 4 Posters | 5.8k Views
    GruensFroeschli:

      Destination WAN-address means exactly that: when the destination is the IP of the WAN of pfSense (never going to happen, unless you want to access the webGUI via the WAN).

      Set the destination to any (the internet is any, right?) and 192.168.5.1 will no longer be able to access the internet.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      covex:

        OK, but it closed the VPN too... How can I keep the VPN, and FTP inside the VPN, open?

        jahonix:

          Obviously, since you closed all ports for your .5.1 client.
          Open up the VPN ports and your host should be fine accessing a VPN. Remember to put the allow rule(s) above the block all rule (first come, first serve)!

          covex:

            @jahonix:

            Obviously, since you closed all ports for your .5.1 client.
            Open up the VPN ports and your host should be fine accessing a VPN. Remember to put the allow rule(s) above the block all rule (first come, first serve)!

            What are "VPN ports"? As far as I know IPsec is riding on top of TCP and UDP and not using ports.
            I have everything open on the IPsec tab. Should I open TCP/UDP port 500 on LAN? But this port is used only for ISAKMP negotiations and it is done by pfSense already. Thanks!

            jahonix:

              You didn't tell us which VPN solution you are using, alas, so I couldn't answer that question exactly.
              For IPsec you need pass rules for AH and ESP protocols, not ports.
              Further reading might start (but isn't limited to!  ;D) here:
              http://en.wikipedia.org/wiki/Ipsec

              covex:

                ???
                I don't understand how AH and ESP could be involved here. Maybe if I do this it'll clear some things:

                vpn tunnel
                192.168.5.1 -> [pfsense] <------(internet)------> [pfsense] <- 192.168.1.129
                xp wrkstn      vpn server                         vpn server   web/ftp server
                               ipsec                              ipsec

                What I want to do is to close access to the internet for 192.168.5.1 but keep access to 192.168.1.129 open for this station.
                The IPsec tab in rules is set to allow everything. Closing everything for .5.1 on LAN and then opening AH and ESP won't do anything. WALL
                Thanks!

                jahonix:

                  You are asking the wrong questions and only give hints in pieces.
                  We are not here to pull each and every useful piece of information out of you...
                  With 121 posts as of today I don't consider you a newbie anymore who needs to be spoon-fed.

                  @covex:

                  ok, but it closed vpn too… how can i keep vpn and ftp inside vpn open?

                  Your client .5.1 obviously needs access to client .1.129 for specific services.
                  The VPN tunnel should be completely transparent for this machine, shouldn't it?

                  Have you tried creating a rule for .5.1 to access the other IP and maybe limiting it to the respective services?

                  GruensFroeschli:

                    Did you read the link I posted in my first reply?
                    If you really want help you should provide all available information.
                    You didn't say anything about pfSense handling the VPN connection.
                    As you described it, it sounded as if the client behind pfSense initiated a VPN connection.

                    Anyway: Can you figure that if you want access over the VPN connection, that you need a rule to allow this access?
                    Just create a rule above your block rule that allows as destination the other side of your tunnel.

                    Alternatively you could change your existing block rule to: Destination: "NOT other_side_of_tunnel".

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

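The advice in the last two replies (jahonix: a LAN host's traffic to the far side of the tunnel is allowed by destination, with AH/ESP only mattering for the tunnel itself between the two pfSense boxes; GruensFroeschli: put a pass rule above the block rule, or use a block rule with destination "NOT other_side_of_tunnel") rests on first-match rule evaluation. The following is an added example, not pfSense code and not from any poster: a small Python model of a top-to-bottom, first-match LAN rule list, run against the addresses in covex's diagram. The /24 masks, the unrestricted LAN host 192.168.5.20 and the internet host 198.51.100.10 are constructed assumptions.

```python
"""First-match firewall rule evaluation for the scenario in this thread.

Added example, not pfSense code: a model of how pfSense walks the rules on
the LAN interface from top to bottom, so the effect of rule order (pass
above block) and of a negated destination can be checked offline.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

LAN_NET = ip_network("192.168.5.0/24")       # LAN behind the first pfSense (assumed /24)
TUNNEL_NET = ip_network("192.168.1.0/24")    # far side of the IPsec tunnel (assumed /24)
CLIENT = ip_address("192.168.5.1")           # XP workstation to cut off from the internet
FTP_SERVER = ip_address("192.168.1.129")     # web/ftp server behind the other pfSense
OTHER_LAN_HOST = ip_address("192.168.5.20")  # constructed: an unrestricted LAN host
INTERNET_HOST = ip_address("198.51.100.10")  # constructed: some host on the internet


def host(ip: IPv4Address) -> IPv4Network:
    """A 'single host' source/destination, i.e. a /32."""
    return ip_network(f"{ip}/32")


@dataclass
class Rule:
    action: str                          # "pass" or "block"
    src: Optional[IPv4Network] = None    # None means "any"
    dst: Optional[IPv4Network] = None
    dst_not: bool = False                # the "not" (invert) checkbox on destination
    proto: Optional[str] = None          # "tcp"/"udp", None for any protocol
    dport: Optional[int] = None          # destination port, None for any
    descr: str = ""

    def matches(self, src, dst, proto, dport) -> bool:
        if self.src is not None and src not in self.src:
            return False
        # With dst_not set, the rule matches only when dst is OUTSIDE self.dst.
        if self.dst is not None and (dst in self.dst) == self.dst_not:
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(rules, src, dst, proto="tcp", dport=None) -> str:
    """Decision for a packet entering the LAN interface.

    The first matching rule wins; a packet matching nothing hits the default
    deny. LAN rules see the client's plain TCP/UDP packets; ESP/AH
    encapsulation happens afterwards between the two WAN addresses, which is
    why tunnel traffic is allowed here by destination, not by protocol.
    """
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "block"


DEFAULT_LAN = Rule("pass", src=LAN_NET, descr="Default allow LAN to any")

# 1. The first attempt: block .5.1 to any, which also kills the tunnel traffic.
BLOCK_ONLY = [
    Rule("block", src=host(CLIENT), descr="Block .5.1 to any"),
    DEFAULT_LAN,
]

# 2. Pass rule for the far side of the tunnel placed ABOVE the block rule.
PASS_ABOVE_BLOCK = [
    Rule("pass", src=host(CLIENT), dst=TUNNEL_NET, descr="Allow .5.1 to tunnel net"),
    Rule("block", src=host(CLIENT), descr="Block .5.1 to any"),
    DEFAULT_LAN,
]

# 3. Same two rules in the wrong order: the block matches first, the pass never fires.
PASS_BELOW_BLOCK = [PASS_ABOVE_BLOCK[1], PASS_ABOVE_BLOCK[0], DEFAULT_LAN]

# 4. The alternative: one block rule with destination "NOT tunnel net".
NEGATED_BLOCK = [
    Rule("block", src=host(CLIENT), dst=TUNNEL_NET, dst_not=True,
         descr="Block .5.1 to anything except tunnel net"),
    DEFAULT_LAN,
]

# 5. Tighter variant limited to the service: only FTP control (tcp/21) to the one server.
FTP_ONLY = [
    Rule("pass", src=host(CLIENT), dst=host(FTP_SERVER), proto="tcp", dport=21,
         descr="Allow .5.1 to ftp server, tcp/21"),
    Rule("block", src=host(CLIENT), descr="Block .5.1 to any"),
    DEFAULT_LAN,
]


if __name__ == "__main__":
    for name, rules in [("block only", BLOCK_ONLY), ("pass above block", PASS_ABOVE_BLOCK),
                        ("pass below block", PASS_BELOW_BLOCK), ("negated block", NEGATED_BLOCK),
                        ("ftp only", FTP_ONLY)]:
        print(f"{name:18} .5.1->internet={evaluate(rules, CLIENT, INTERNET_HOST, 'tcp', 80):5} "
              f".5.1->ftp={evaluate(rules, CLIENT, FTP_SERVER, 'tcp', 21):5} "
              f".5.20->internet={evaluate(rules, OTHER_LAN_HOST, INTERNET_HOST, 'tcp', 80)}")
```

Rule sets 2 and 4 give the same result for this client; set 3 shows why order matters, since the block rule swallows the tunnel traffic before the pass rule is ever consulted. Set 5 only covers the FTP control connection; FTP data connections use further ports, so a service-limited rule needs to account for them as well.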
                    covex:

                      Crushed and destroyed  :-[
                      GruensFroeschli, I'll read your first post again  :(

                      thanks for your help guys!  :)

                      GruensFroeschli:

                        No need to be crushed and destroyed :)
                        Just read the available info more carefully ;)
                        If you have any questions just ask again.

                        We do what we must, because we can.

                        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.