Netgate Discussion Forum

Firewall LAN rules only work with "single host or alias"

Firewalling
10 Posts 3 Posters 5.4k Views
    fellesnelle, Nov 26, 2008, 12:09 PM (last edited Nov 26, 2008, 12:20 PM)

    Hi there

    I’ve found out a strange thing with my pfsense.
    When I want to open some outgoing ports (80, 25, 110, 21), only port 80 works when I set up my rule for "LAN net". All other ports won't work. So I need to set up a rule per PC with its own IP address and give them all access.

    Proto   Source         Port   Destination   Port   (result)
    TCP     192.168.0.22   *      *             *      Everything works on this PC
    TCP     LAN net        *      *             80     PCs can use the internet
    TCP     LAN net        *      *             21     PCs can't make an FTP connection

    So when I give every PC full access with its own IP, why should I use a firewall ;-)
    What is wrong with my settings or are there other settings to check?

    Kind regards for your help.

      Perry (last edited Nov 26, 2008, 12:48 PM)

      Could it be a gateway problem?
      A quick view through your other post indicates to me that you may have tried a lot of things, or are using a good deal of the functions that pfSense provides.
      So the following things may be helpful.
      1. Take the time to make a network diagram.
      2. Start using version 1.2.1-RC2
      3. If you have been experimenting, a reinstall can be the right thing to do.

      I’ve found out a strange thing with my pfsense

      4. Sometimes the livecd can be useful. Boot from it, keep the setup as close to default as possible and retest.

      /Perry
      doc.pfsense.org

        jahonix (last edited Nov 26, 2008, 5:11 PM)

        Do you still have squid installed?

          fellesnelle (last edited Nov 27, 2008, 8:40 AM)

          Hi,

          Perry:
          I use this version (1.2-RELEASE built on Sun Feb 24 17:04:58 EST 2008)
          Maybe I should install the latest release and start over again.
          The thing is that I use several setups in different schools with different setups.

          jahonix:
          Yes, I have installed squid and still like to use it. Can this be the problem?

          Any other suggestions?

            jahonix (last edited Nov 27, 2008, 9:53 AM)

            @fellesnelle:

            Yes, I have installed squid and still like to use it. Can this be the problem?

            Maybe.
            If it's in transparent mode it grabs port 80 traffic. If not, you have to open the squid port (usually 3128, but user settable) for it to work.

            Why don't you enable logging for your rules and take action on what you find? This is like shooting in the dark.

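As an added example of the triage that rule logging makes possible (this is not code from the thread or from the pfSense project): a small parser that reads firewall log lines and reports which rule passed or blocked which destination port, per source host. It assumes the CSV "filterlog" layout that pfSense 2.x writes to syslog; the 1.2 release discussed above logged pflog text in a different shape, so that layout is an assumption here. The log lines, hostnames, tracker IDs and addresses are all constructed for the example, arranged to mirror the thread's symptom: a host with its own pass rule gets through on port 21, while a "LAN net" host is blocked on 21 and 25.

```python
"""Triage pfSense firewall-rule logs: which rule passed or blocked which port."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Counter as CounterType, List, Optional, Tuple

# Constructed sample log lines (not from the thread). They follow the CSV
# "filterlog" layout of pfSense 2.x, which is an assumption here: the 1.2
# release in the thread logged pflog text differently. Hostnames, tracker
# IDs, addresses and timestamps are made up.
SAMPLE_LOG = """\
Nov 27 12:58:01 pfSense filterlog: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,192.168.0.22,203.0.113.10,51000,80,0,S,10001,,65535,,mss
Nov 27 12:58:02 pfSense filterlog: 5,,,1000000103,em1,match,pass,in,4,0x0,,64,1235,0,DF,6,tcp,60,192.168.0.40,203.0.113.10,51001,80,0,S,10002,,65535,,mss
Nov 27 12:58:03 pfSense filterlog: 9,,,1000000001,em1,match,block,in,4,0x0,,64,1236,0,DF,6,tcp,60,192.168.0.40,203.0.113.20,51002,21,0,S,10003,,65535,,mss
Nov 27 12:58:04 pfSense filterlog: 9,,,1000000001,em1,match,block,in,4,0x0,,64,1237,0,DF,6,tcp,60,192.168.0.40,203.0.113.30,51003,25,0,S,10004,,65535,,mss
Nov 27 12:58:05 pfSense filterlog: 9,,,1000000001,em1,match,block,in,4,0x0,,64,1238,0,,17,udp,78,192.168.0.40,192.168.0.1,53000,53,58
Nov 27 12:58:06 pfSense filterlog: 7,,,1000000104,em1,match,pass,in,4,0x0,,64,1239,0,DF,6,tcp,60,192.168.0.22,203.0.113.20,51004,21,0,S,10005,,65535,,mss
"""

SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s[\d:]{8})\s(?P<host>\S+)\sfilterlog:\s(?P<csv>.+)$"
)


@dataclass
class Entry:
    timestamp: str
    rule_number: str
    tracker: str        # rule tracker ID, the same value shown in the GUI rule list
    interface: str
    action: str         # "pass" or "block"
    direction: str      # "in" or "out"
    proto: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one syslog line; return None for anything that is not an IPv4 filterlog entry."""
    m = SYSLOG_PREFIX.match(line.strip())
    if not m:
        return None
    f = m.group("csv").split(",")
    # Field layout (assumed pfSense 2.x): rule, sub-rule, anchor, tracker, interface,
    # reason, action, direction, ip-version, then for IPv4: tos, ecn, ttl, id, offset,
    # flags, proto-id, proto-text, length, src, dst, then sport, dport for tcp/udp.
    if len(f) < 20 or f[8] != "4":
        return None
    proto = f[16]
    sport = dport = None
    if proto in ("tcp", "udp") and len(f) >= 22:
        sport, dport = int(f[20]), int(f[21])
    return Entry(m.group("ts"), f[0], f[3], f[4], f[6], f[7], proto, f[18], f[19], sport, dport)


def verdicts_by_port(log_text: str) -> CounterType:
    """Count inbound verdicts per (proto, dport, action): shows which ports are really blocked."""
    counts: CounterType = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and e.direction == "in":
            counts[(e.proto, e.dport, e.action)] += 1
    return counts


def verdicts_by_rule(log_text: str) -> CounterType:
    """Count verdicts per (tracker, action): tells you which rule actually fired."""
    counts: CounterType = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            counts[(e.tracker, e.action)] += 1
    return counts


def blocked_ports(log_text: str, src: Optional[str] = None) -> List[Tuple[str, Optional[int]]]:
    """Sorted (proto, dport) pairs that were blocked, optionally only for one source host."""
    ports = set()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and e.action == "block" and (src is None or e.src == src):
            ports.add((e.proto, e.dport))
    return sorted(ports, key=str)


if __name__ == "__main__":
    for key, n in sorted(verdicts_by_port(SAMPLE_LOG).items(), key=str):
        print(f"{key[0]}/{key[1]} {key[2]}: {n}")
    for key, n in sorted(verdicts_by_rule(SAMPLE_LOG).items()):
        print(f"tracker {key[0]} {key[1]}: {n}")
    print("blocked for 192.168.0.40:", blocked_ports(SAMPLE_LOG, "192.168.0.40"))
```

Reading the output by tracker is the useful step: if every block comes from the default-deny tracker while your "LAN net" pass rule never appears, the pass rule is not matching the traffic at all (wrong source network, wrong interface, or traffic intercepted by a proxy or helper before it reaches the rule), which is a different fix from a rule that matches but is ordered below a block.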
              fellesnelle (last edited Nov 27, 2008, 12:58 PM)

              Hi

              I've installed version 1.2.1-RC2 to test this kind of thing before using it.

              First I installed pfsense with the following configuration:
              “no bridge” mode
              disabled “Default LAN -> Any”
              Added “LAN net” “port 80”
              Added “LAN net” “port 21”

              With this I could pass and block browsing by enabling or disabling the rule for port 80.
              When I tried to use WS_FTP to make an FTP connection in different ways, I could always make a connection.
              (Blocking the rule, deleting the rule, even after restarting pfsense)

              After this I've added other rules to test things out:
              Added “LAN net” “port 25”
              Added “LAN net” “port 110”
              Everything so far works fine, except blocking port 21.

              Now I’ll try to install Squid and let you know if everything still works.

              Thanks already guys.

                jahonix (last edited Nov 27, 2008, 4:17 PM)

                @fellesnelle:

                Everything so far works fine, except blocking port 21.

                Disable the FTP helper and you should be able to block this traffic as well.

                  fellesnelle (last edited Nov 28, 2008, 1:21 PM)

                  You can set "Disable the userland FTP-Proxy application" on two interfaces,
                  LAN and WAN.
                  When unset on the LAN interface, I can make an FTP connection but can't "allow" or "block" it with a firewall rule.
                  After setting this option, I can't make an FTP connection.
                  This option on the WAN interface makes no difference.

                  strange, no??

                    jahonix (last edited Dec 2, 2008, 9:49 AM)

                    Sorry, I'm pushing this every day on my list (and mark this post as unread) but I don't seem to find the time to actually do this test.
                    Maybe someone else has more time or an idea?

                      fellesnelle (last edited Dec 2, 2008, 11:32 AM)

                      Hi there

                      My FTP problem is solved.
                      I had installed a pfsense (test setup) behind a pfsense firewall. So I've tried all these settings (with my test setup) and maybe that's the reason for my FTP problem.
                      I’ve now installed pfsense 1.2.1-RC2 as my basic firewall and it is more stable than before.
                      Even after installing Squid, SquidGuard and Lightsquid.

                      Thanks to all who were so kind to help me.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.