Netgate Discussion Forum
    How do i check to see if my firewall rules are working

    Firewalling
    21 Posts 3 Posters 8.1k Views
      afvadmin

      OK, I disabled the default LAN to any rule and left all the other rules, but users were not able to surf the internet, nor was I able to retrieve mail from an outside mail server.

        Eugene

        @afvadmin:

        UDP 53, isn't that for the WAN side? (Because if it is for external DNS requests it should be from WAN to LAN.)

        Could you explain this in more detail?

        http://ru.doc.pfsense.org

          Eugene

          @afvadmin:

          OK, I disabled the default LAN to any rule and left all the other rules, but users were not able to surf the internet, nor was I able to retrieve mail from an outside mail server.

          OK, what was going on? Did you try to ping google.ca and get the name resolved? How do you access your external mail server?

          http://ru.doc.pfsense.org

            afvadmin

            OK, I disabled default LAN to any and I was not able to ping google.com, not even 4.2.2.2. As soon as I enable default LAN to any I receive packets.

              Eugene

              You do not have a rule allowing ICMP traffic; that is why your pings failed. Believe me, the rules are working in exactly the way you've created them.

              http://ru.doc.pfsense.org

                afvadmin

                @Eugene:

                @afvadmin:

                UDP 53, isn't that for the WAN side? (Because if it is for external DNS requests it should be from WAN to LAN.)

                Could you explain this in more detail?

                The reason I said that is because port 53 just resolves a domain to an IP, and the WAN interface would be the first to get the reply from the domain, transferring it to the LAN interface via port 53 to a LAN address via any port once it reaches the LAN subnet (or so I think).

                  afvadmin

                  OK, wow, thanks. I went back into the books; to quote Wikipedia: "The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite". How could I miss the word core? So it seems like I can ping and browse now, just a little bit slow, so I guess that means I have to go into configuring bandwidth settings now. Thanks Eugene, this will definitely assist me in my future networking endeavors.

                    Eugene

                    @afvadmin:

                    @Eugene:

                    @afvadmin:

                    UDP 53, isn't that for the WAN side? (Because if it is for external DNS requests it should be from WAN to LAN.)

                    Could you explain this in more detail?

                    The reason I said that is because port 53 just resolves a domain to an IP, and the WAN interface would be the first to get the reply from the domain, transferring it to the LAN interface via port 53 to a LAN address via any port once it reaches the LAN subnet (or so I think).

                    I think you misunderstand the theory. What do you have on LAN as the DNS server: a separate server or pfSense itself?
                    In the first case your server will be trying to reach some external DNS server, and the answers from this external server will not be filtered by pfSense at the WAN interface (you do not have to create any rules on WAN for it). So, if that is your scenario, then you have to create a rule on LAN to allow DNS requests to go from LAN to the Internet.

                    http://ru.doc.pfsense.org

                      afvadmin

                      I have a separate server, and OK, that makes a lot of sense now, thanks.

                      Wait, one more question: I should leave ICMP to any so that it can facilitate all of the replies from a ping request, right?
                      And also I have a PC at x.x.x.78 which needs to access a mail server outside the firewall. Should I just create a rule for it, or is there a workaround? (Since I honestly don't want to open port 25 in case the PC is infected with spam Trojans that will use the open port to send spam and get me blacklisted again.)

                        Eugene

                        If you have a PC on LAN which should be able to reach an e-mail server outside using port 25, then you should open this port for this PC (putting it as the source IP). In destination put the IP of this server. In this way the PC will be able to connect to only this server.

                        http://ru.doc.pfsense.org

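The two points Eugene makes above (a LAN rule letting the internal DNS server query the Internet, with replies coming back on state rather than through any WAN rule, and a port 25 rule scoped to the x.x.x.78 PC and one destination mail server), as an added example that is not from this thread or from pfSense: a small Python model of pfSense-style stateful, first-match LAN rule evaluation with the "default LAN to any" rule disabled. All addresses, port numbers, rule names and functions are constructed placeholders; the thread only names x.x.x.78 and 4.2.2.2.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed model of pfSense-style stateful, first-match LAN rules (an added
# example, not pfSense code). Addresses are placeholders; the thread only names x.x.x.78.
LAN_NET = ip_network("192.168.1.0/24")
DNS_SERVER = ip_address("192.168.1.10")    # assumed: the separate DNS server on LAN
MAIL_PC = ip_address("192.168.1.78")       # the one PC that must reach external SMTP
MAIL_SERVER = ip_address("203.0.113.25")   # assumed external mail server

# A pass rule: protocol, source, destination, destination port ("any" is a wildcard)
Rule = namedtuple("Rule", "proto src dst dport", defaults=["any"])

def _addr_ok(spec, addr):
    return spec == "any" or (addr in spec if hasattr(spec, "network_address") else addr == spec)

# LAN tab with "default LAN to any" disabled: only listed traffic passes (DNS only from the server)
LAN_RULES = [
    Rule("icmp", LAN_NET, "any"),             # ping out; echo replies return via state
    Rule("udp", DNS_SERVER, "any", 53),       # internal DNS server may query the Internet
    Rule("tcp", MAIL_PC, MAIL_SERVER, 25),    # x.x.x.78 to this one mail server only
]

def outbound(state, proto, src, sport, dst, dport):
    """Packet leaving LAN: first matching pass rule wins and creates a state entry."""
    for r in LAN_RULES:
        if r.proto == proto and _addr_ok(r.src, src) and _addr_ok(r.dst, dst) \
                and (proto == "icmp" or r.dport in ("any", dport)):
            state.add((proto, src, sport, dst, dport))
            return True
    return False

def inbound(state, proto, src, sport, dst, dport):
    """Packet arriving on WAN: no WAN pass rules, so only replies matching state get in."""
    return (proto, dst, dport, src, sport) in state

def thread_scenarios():
    """Replay the situations from the thread; returns scenario name -> allowed."""
    state, other_pc, ext = set(), ip_address("192.168.1.50"), ip_address("4.2.2.2")
    return {
        "ping_4.2.2.2": outbound(state, "icmp", other_pc, 0, ext, 0),
        "ping_reply": inbound(state, "icmp", ext, 0, other_pc, 0),
        "dns_query_from_server": outbound(state, "udp", DNS_SERVER, 40001, ext, 53),
        "dns_reply_no_wan_rule": inbound(state, "udp", ext, 53, DNS_SERVER, 40001),
        "dns_direct_from_pc": outbound(state, "udp", other_pc, 40002, ext, 53),
        "pc78_smtp_to_mailserver": outbound(state, "tcp", MAIL_PC, 50001, MAIL_SERVER, 25),
        "other_pc_smtp": outbound(state, "tcp", other_pc, 50002, MAIL_SERVER, 25),
        "pc78_smtp_elsewhere": outbound(state, "tcp", MAIL_PC, 50003, ip_address("198.51.100.9"), 25),
        "unsolicited_smtp_from_wan": inbound(state, "tcp", MAIL_SERVER, 4444, MAIL_PC, 25),
    }
```

The last scenario is the blacklisting worry from the thread: with no WAN pass rule and no matching state, an unsolicited connection to port 25 on the PC is dropped, while the PC's own outbound mail to that single server still works.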
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.