Netgate Discussion Forum
    Few basic confusions

    Firewalling
mirkwoody:

I've read other posts, seen YouTube videos and articles about this, but still can't totally make sense of it.

I hear all the time that by default everything is allowed to go from LAN to WAN, the default rules in the LAN tab, also so that I don't lock myself out.
And that everything is blocked from WAN to LAN by default? That if there is no rule specified, then it will be blocked. (Right now the only rules in the WAN tab are the default Bogon and Private networks.)

1# Then how can I surf the internet without any problem? Everything my LAN requests is also opened for? HTTP is port 80, right? I view the internet pages, but it sure also sends back on 80? Stuff is sent to me from various addresses, etc.
Maybe FTP could be an example too. I can connect to an FTP server and download... but doesn't it also go the other way? Hmm.. but I can kinda make sense of it, because of course when I host an FTP server then it is quite different.

2# How can I remotely turn off my house lights with the Philips Hue app on my phone when having turned off my Wifi? How can that pass into my Hue Bridge control box behind pfSense?

3# If everything is allowed from LAN to WAN, then why does my firewall log show stuff blocked originating from LAN? I am wondering if I am reading it backwards, just like when you make a port forwarding NAT rule, you set destination to WAN not LAN, which to me would make the most logical sense when wanting to allow something in.
For example this log entry:
Interface: LAN  -- Source: 10.1.1.110 -- Destination: 172.217.17.74:443

It's not that I can't see that it also blocks stuff coming in.

Stuff that may be important to note... I am running Snort, but even before that it was like this... And I am still waiting for my ISP to sort out their side, so that I can have a public IP on my WAN interface instead of still being behind some of their gear, being double NAT and all.

ptt (Rebel Alliance):

        1# https://en.wikipedia.org/wiki/Stateful_firewall

        2#  VPN / Port forward

        3#  https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
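
As an added illustration (not part of the thread and not pfSense code), here is a toy state table in Python that plays out the three questions: an outbound HTTPS connection from 10.1.1.110 creating a state that lets the server's reply in, a Hue bridge keeping its own outbound state alive so cloud pushes get through with no WAN rule, and a late FIN/ACK after the state has expired being blocked and logged exactly like the entry quoted above. The 60-second timeout, the Hue bridge address 10.1.1.20 and the cloud address 203.0.113.5 are made up; the "only a SYN may open a TCP state" behaviour mirrors pf's default "flags S/SA".

```python
# Toy model of pf-style stateful filtering (constructed illustration, not pfSense code).
from dataclasses import dataclass
STATE_TIMEOUT = 60  # assumed idle seconds before a state is purged; real pf timeouts differ

@dataclass
class Packet:
    iface: str   # interface the packet arrives on: "LAN" or "WAN"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags: "S" (SYN), "SA" (SYN/ACK), "A" (ACK), "FA" (FIN/ACK)

class StatefulFirewall:
    def __init__(self):
        self.states = {}  # (src, sport, dst, dport) -> time the state was last refreshed
        self.log = []     # blocked packets, formatted like the log entry in the thread

    def filter(self, pkt, now):
        for k in [k for k, t in self.states.items() if now - t > STATE_TIMEOUT]:
            del self.states[k]  # purge idle states
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. A packet matching an existing state passes in either direction and refreshes
        #    the timer: this is how server replies and Hue cloud pushes get in with no WAN rule.
        for k in (fwd, rev):
            if k in self.states:
                self.states[k] = now
                return "pass"
        # 2. Default "LAN to any" rule: pass and create a state, but (like pf's "flags S/SA")
        #    only a SYN may open a new TCP state.
        if pkt.iface == "LAN" and pkt.flags == "S":
            self.states[fwd] = now
            return "pass"
        # 3. Everything else falls through to the default deny and is logged.
        self.log.append(f"Interface: {pkt.iface} -- Source: {pkt.src} -- Destination: {pkt.dst}:{pkt.dport}")
        return "block"

def demo():
    # Constructed traffic covering the three questions in the thread.
    fw = StatefulFirewall()
    pc, web, hue, cloud = "10.1.1.110", "172.217.17.74", "10.1.1.20", "203.0.113.5"
    verdicts = [
        fw.filter(Packet("LAN", pc, 50000, web, 443, "S"), 0),       # browser opens HTTPS: state created
        fw.filter(Packet("WAN", web, 443, pc, 50000, "SA"), 1),      # server's reply matches the state
        fw.filter(Packet("WAN", web, 443, pc, 50001, "S"), 2),       # unsolicited inbound SYN: blocked
        fw.filter(Packet("LAN", hue, 40000, cloud, 443, "S"), 3),    # Hue bridge dials out to its cloud
        fw.filter(Packet("LAN", hue, 40000, cloud, 443, "A"), 50),   # bridge keepalive refreshes the state
        fw.filter(Packet("WAN", cloud, 443, hue, 40000, "A"), 105),  # cloud push still passes, no WAN rule
        fw.filter(Packet("LAN", pc, 50000, web, 443, "FA"), 200),    # late FIN/ACK after the state expired
    ]
    return verdicts, fw.log
```

The last packet is the case the pfSense doc link describes: it comes from LAN, but with no live state and no SYN flag it is not covered by the stateful pass rule and ends up in the log as blocked.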

mirkwoody:

          @ptt:

          1# https://en.wikipedia.org/wiki/Stateful_firewall

          2#  VPN / Port forward

          3#  https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

Thanks :).

1# I was just thinking that a moment after posting: "Maybe it has to do with states... it opens a state... I will quickly edit my post".. But you were fast :).

2# I also had that suspicion.. but it still doesn't make total sense to me how it can pass, VPN or not. Got no rules set for it, and it can't have opened a state.. unless it continuously sends something out, ofc, maybe...

3# Ok! I read again more carefully, and I get it.. now I just wish to get rid of that, because it seems like a mess to have in the log.

ptt (Rebel Alliance):

Just check/look at the Docs

https://doc.pfsense.org/index.php/Main_Page

Lots of info there (also here in the forum)

mirkwoody:

              @ptt:

              1# https://en.wikipedia.org/wiki/Stateful_firewall

              2#  VPN / Port forward

              3#  https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

And I can see a state for my Hue Bridge, I believe... lol, and a lot suddenly makes sense... So it has opened a state.. and continues to do so, I guess..

mirkwoody:

                @ptt:

Just check/look at the Docs

https://doc.pfsense.org/index.php/Main_Page

Lots of info there (also here in the forum)

Right, yes :). But also sometimes I guess I just need to confirm or have some interaction to really get some part.

Thanks again. (I feel like one of those who asked the same question 100 times, lol)
