Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan

demonclaw

I'm fairly new to pfSense. I have a Minecraft server I built so me and a few friends can play on it. I'm have some issues setting it up pf sense box that I also built to protect my local lan and the MC server. The main issue is I don't understand how to set up the firewall rules. What I need help with is mainly the rules part of the firewall.

The main list of rules I want is as follows

1. The lan and the DMZ can communicate with each other over normal ports.
2. The lan has the normal ports open (Plug N Play style.)
3. Block all ports going to the server but the ports I need like 25565. Be able to reply back to the sender over the ports it needs open(wish I knew which ports that is.)

This is what my network looks like.
I would like to do this without doing any port forwarding

KOM

Are the other players on LAN or from the Internet?

By default, WAN blocks all incoming unsolicited traffic & LAN has full access to go everywhere. OPT1 and any other additional interfaces have no rules by default and can't do anything from those networks until you add a rule.

demonclaw

Both but more WAN then LAN. Me and my roommate will be for the most part the only ones on the LAN and all the rest will be coming in on the WAN. I have renamed OPT1 to DMZ on my set up. So the way it sounds like I need to let traffic thru from WAN to the DMZ. I also need to set up rules for the DMZ for traffic thru to the LAN and WAN. Am I correct on what you said?

KOM

So the way it sounds like I need to let traffic thru from WAN to the DMZ

Of course. A port-forward for tcp 25535 and you're done. I don't know why you have the restriction on port forwards but that is a better solution than uPNP.

I also need to set up rules for the DMZ for traffic thru to the LAN and WAN

Sort of. You have a rule for DMZ to access WAN, but not LAN. pfSense is a stateful firewall and that means established connections allow return traffic without the need for more rules. So, if you on LAN contact your Minecraft server on DMZ, it will be able to reply back to you. However, you don't want your Minecraft server reaching out on its own to your LAN.

demonclaw

@kom said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

Of course. A port-forward for tcp 25535 and you're done. I don't know why you have the restriction on port forwards but that is a better solution than uPNP.

I was trying to see if there was a different way of doing it instead of the easy way.

@kom said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

You have a rule for DMZ to access WAN, but not LAN.

Is there a way for the DMZ to hook to both LAN and WAN?

@kom said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

However, you don't want your Minecraft server reaching out on its own to your LAN.

how Do I do That like I said I'm new to setting up the rules and I'm not sure where to put the rules.

KOM

@demonclaw said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

Is there a way for the DMZ to hook to both LAN and WAN?

Add a Default allow to any rule on the DMZ firewall rules list. Firewall rules are handled under (wait for it....) the Firewall - Rules menu. Click on the DMZ tab and add a rule just like the Default allow LAN to any rule on the LAN tab.

how Do I do That like I said I'm new to setting up the rules and I'm not sure where to put the rules.

pfSense isn't really a beginner's routing firewall. Start reading:

https://www.netgate.com/docs/pfsense/book/

demonclaw

@kom said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

(wait for it....)

This is uncalled forward. I was just asking a simple question. I was talking about which interface.

@demonclaw said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

how Do I do That like I said I'm new to setting up the rules and I'm not sure where to put the rules.

I meant which interface for the most part. I some what under stand how to set up the rules I was just having trouble which interface .

Grimson

@demonclaw said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

I some what under stand how to set up the rules I was just having trouble which interface .

Then read the book until you really know how firewall rules work, this will answer your question then.