LAN rules not working on pfSense (updated)



  • Hello,
    I've created several rules on my VLAN (using VMware 9.0.0) on a managing machine (Win 7 Pro) to a virtual machine (Ubuntu desktop with servers on it: Samba, Apache), and when I run a basic scan with Nessus, it doesn't seem to pass through the firewall. Thanks,
    Hezy.

    *Additional information will be given if necessary.



  • You might want to diagram your network because I'm not following your description very well. What exactly is your problem again? A firewall is supposed to stop unsolicited traffic from blowing through your network, after all. You say vmware 9.0, do you mean Workstation or Fusion? When you say VLANs, do you mean real ones or VMware custom networks? Is this a new install? By default, only LAN gets an Allow Any rule for full access. All subsequent LANs must have one added. The fact that there are several clients involved means you also have to check for local firewalls getting in the way. A lot more info is required.



  • Hi,
    I'm very sorry for not being clear. The point is that I was asked (due to a study project) to harden a server (Ubuntu) installed on VMware Workstation from a managing machine (Win 7, Workstation) with pfSense. The local Windows firewall is disabled. The Nessus basic scan doesn't seem to be influenced at all by the rules I've created. Thanks again,
    Hezy.


  •
    Hmmm. So, when you put a firewall in the middle of your LAN and start creating VLANs there, how exactly would your current router know? You'd need static routes there for those VLANs to be even reachable.



  • Is static routing configured from the OS? Fw? VM?


  •
    Uh oh… To get the Ubuntu thing accessible from your normal networks, you must configure it on the router the normal network is connected to. After that, you get into all kinds of hassle with firewall rules, since the normally used "shortcuts" such as "LAN net" do not include any of those statically routed subnets. Not to mention the pitfalls with VLAN handling.

    I'd start with rethinking the design.
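    To illustrate the "LAN net" point above, here is a small added example (not from the thread or from pfSense itself) that resolves a rule's source field the way the shorthand works and walks a first-match rule list; the subnets, addresses and rules are constructed.

    ```python
    import ipaddress

    # Constructed values: the LAN interface subnet pfSense would expand
    # "LAN net" to, and a subnet that is only reachable via a static route.
    LAN_NET = ipaddress.ip_network("192.168.1.0/24")
    ROUTED_SUBNET = ipaddress.ip_network("10.10.20.0/24")


    def expand_source(spec):
        """Resolve a rule's source field to the networks it actually covers.

        "LAN net" is only the interface's own subnet; a statically routed
        subnet is never part of it and needs its own rule or alias.
        """
        if spec == "LAN net":
            return [LAN_NET]
        if spec == "any":
            return [ipaddress.ip_network("0.0.0.0/0")]
        return [ipaddress.ip_network(spec)]


    def first_match(rules, src_ip):
        """Return (rule index, action) for the first rule whose source
        contains src_ip; unmatched traffic falls to the implicit default deny."""
        ip = ipaddress.ip_address(src_ip)
        for index, (action, source) in enumerate(rules):
            if any(ip in net for net in expand_source(source)):
                return index, action
        return None, "default-deny"


    if __name__ == "__main__":
        rules = [("pass", "LAN net"), ("block", "any")]
        # A scanner on the LAN subnet hits the pass rule ...
        print(first_match(rules, "192.168.1.50"))
        # ... but one on the routed subnet is not "LAN net" and is blocked.
        print(first_match(rules, "10.10.20.5"))
        # Adding the routed subnet explicitly is what makes it pass.
        print(first_match(rules[:1] + [("pass", str(ROUTED_SUBNET))], "10.10.20.5"))
    ```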



  • Thanks.