Netgate Discussion Forum

    Setting up New Firewall

    Firewalling
    11 Posts 3 Posters 2.1k Views
    • podilarius

      These look like NAT entries and not necessarily firewall rules. It looks more like 1:1 NAT or manual outbound rules than anything.
      Perhaps these are in sections that you have not posted here.

      • IdahoTech

        OK I will have to check those out and compare them to what I have in the firewall already.

        Also, our range is all coming in on one wire from our provider; it goes from 62 to 90 as the last number in the IP range. The 62 is our web, email (once I get that set up back in Novell), HTTPS, etc. How would all the other IPs from 63 to 90 be entered into the system? Would those be NAT, Virtual IP, or under rules? Sorry for being such a noob, but I'm going from a premade firewall to a handmade firewall.

        Thanks

        • podilarius

          They would be Virtual IPs first, then NAT, and finally rules.
          Basically, you have to set up the IP on the NIC to accept traffic from a switch.
          Then you have to tell the kernel where you want to send that data; because you cannot route directly, you must set up a NAT for it.
          This could be 1:1 NAT (one IP to one host) or a port forward.
          If you use a port forward, rules will automatically be created to pass traffic.
          If you use 1:1 NAT, then you have to set up FW rules yourself.
          You might do well to get the book. It covers the basics well.

          • IdahoTech

            Thanks for the info. Where do I get the book? Is it the new book that is coming out, or the older book? I heard that with pfSense 2.1 the older book is not as clear on a lot of things in the newer pfSense.

            Thanks for the info; it makes more sense now. I haven't had my coffee yet, but it makes sense, I think. I will let you know after a cup of coffee and something to eat. :)

            The order of setting them up helps me out a lot. So the Virtual IPs get put in, then the NAT, then the rules.

            We have other servers sitting on the inside of our network that need the 1:1 to make it look like they are on the outside because of the SSL setup on them.

            • phil.davis

              Where do I get the book? Is it the new book that is coming out?

              The $99 pfSense Gold subscription includes the book in soft-copy and other benefits mentioned here: https://blog.pfsense.org/?p=718
              For a small install that does not need full paid support, it is a good way to get extra know-how and support the project.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              • IdahoTech

                Well, I will take a look. I kind of got myself into this and should not expect the school to pay for me to have this. This could be my way of keeping myself useful.

                Anyway, I will look, and thanks for the info. Sounds like a good plan. I am setting up the firewall now. I have the Virtual IPs in and now I am doing the port forwards, and yes, I did get the 1:1 for the firewall as well; I almost forgot to mention that.

                In the port forwards there are ports 80 and 443. For each server, do I need to put in a separate port forward for its web (HTTP) address and its secure (HTTPS) address? Or does leaving the general two there with the NAT IP as LAN cover that, so that I only set up the other non-standard ports that are not normally used but that our vendors seem to need open?

                I hope that makes sense. :o Anyway, any thoughts?

                • IdahoTech

                  Is it better to put in the port forward for 80 and 443 per server, or just use the basic one that is there and have the NAT IP be the LAN?

                  • podilarius

                    You would need to put in a port forward rule for each server for ports 80 and 443.

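                    Added illustration (not from the thread, and not pfSense's own configuration): the three-step order podilarius gives earlier (Virtual IPs, then NAT, then rules) and his answer here that every server needs its own 80/443 forward, written out in the pf.conf syntax that pfSense generates from its GUI. Interface names, the 203.0.113.x public addresses and the 192.168.1.x LAN hosts are placeholders standing in for the poster's .62-.90 range and school LAN. It goes one step beyond the visible replies by also showing the outbound NAT that carries ordinary LAN browsing, which the thread's last question asks about; pfSense's default Automatic Outbound NAT mode writes that line for you.

```pf
# Added example, not the thread's or pfSense's own config. All names and
# addresses are placeholders (RFC 5737 public block, RFC 1918 LAN).
ext_if  = "em0"              # WAN; the provider hands the whole public range in here
int_if  = "em1"              # LAN
lan_net = "192.168.1.0/24"

# Step 1: Virtual IPs. A pfSense "IP Alias" VIP is the equivalent of
#   ifconfig em0 inet 203.0.113.63/32 alias
#   ifconfig em0 inet 203.0.113.64/32 alias
# for each extra public address. Without this the NIC never answers ARP
# for .63-.90 and none of the rules below ever sees a packet for them.

# Step 2: NAT. pf requires all translation rules (binat, rdr, nat) to
# appear before any filter rules, so they are grouped here.

# 2a: 1:1 NAT (pfSense "1:1" tab). One public IP <-> one host in both
# directions, so the inside server also sources its own traffic from .63.
# This is the case the poster describes: servers whose SSL setup expects
# them to look like they sit on the public address.
binat on $ext_if from 192.168.1.10 to any -> 203.0.113.63

# 2b: Port forwards (pfSense "Port Forward" tab). One rdr per server: a
# single "80/443 -> LAN" entry cannot fan out to several hosts, because
# the redirect target is one address. The public IP each rdr matches on
# is what keeps the servers apart.
rdr on $ext_if proto tcp from any to 203.0.113.64 port { 80 443 } -> 192.168.1.20
rdr on $ext_if proto tcp from any to 203.0.113.65 port { 80 443 } -> 192.168.1.21

# 2c: Outbound NAT for ordinary browsing from the LAN (the thread's last
# question). pfSense's default Automatic Outbound NAT generates this.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Step 3: Filter rules. pf translates before it filters, so inbound pass
# rules name the INTERNAL address. pfSense adds the rdr-associated rules
# itself ("Add associated filter rule"); for the 1:1 host you add the
# WAN-tab rule by hand, and without it the binat mapping silently drops
# every inbound connection.
block in log on $ext_if                                                   # default deny on WAN
pass in on $ext_if proto tcp from any to 192.168.1.10 port { 80 443 } flags S/SA keep state   # 1:1 host, manual
pass in on $ext_if proto tcp from any to 192.168.1.20 port { 80 443 } flags S/SA keep state   # auto, from rdr
pass in on $ext_if proto tcp from any to 192.168.1.21 port { 80 443 } flags S/SA keep state   # auto, from rdr

# LAN side: lets users' HTTP/HTTPS (and everything else) out; the nat
# line above rewrites the source to the WAN address on the way through.
pass in on $int_if from $lan_net to any keep state
```

                    A quick check after loading a ruleset like this on FreeBSD is `pfctl -sn` (translation rules) and `pfctl -sr` (filter rules); on pfSense the same two views are under Diagnostics and in the generated /tmp/rules.debug. If the 1:1 server answers from the LAN but not from outside, the missing piece is almost always the manual WAN pass rule for its internal address.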
                    • IdahoTech

                      OK, good to know. That could have caused some issues then, leaving it the way it was. So for each outward-facing server I will have to set up an 80 and a 443. Well, gonna get to it then... hopefully I remember all of them. ;D

                      • IdahoTech

                        OK, so now comes the really dumb question of the week. ::)

                        When my users are browsing the web over HTTP and HTTPS: those port forwards that I listed above are for our servers, but for basic browsing from inside to outside, where would that go?

                        Again, coffee is not totally working this morning. We have been looking at other firewalls in case I cannot get this one up and going. I want to, since it was my idea, and I would love for it to work. Again, I am sorry for the basics of my question, but I learn better asking a few dumb ones as well. I always said, 'There are no dumb questions, just dumb mistakes'....

                        Thanks for the help so far on this....

                        I am working on this sporadically, since I have to do other things here like help desk, server maintenance, etc., so I work on this when I can, and when school ends I will have more time and can focus more on it....

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.