Make sure good connectivity from other countries

chudak

I will be traveling in Europe soon. Last time I did that I noticed that from countries I could not access my home network.

My assumption was that it was pfBNG blocking my access (which maybe debatable)

Anyhow, I am trying to test connectivity from the world.

Here are the steps:

• disable pfBNG GeoIP for Europe (for example, maybe done for one country)
• test that connections allowed from that location

And I am not sure how test this.

Tried https://www.uptrends.com/tools/traceroute and https://www.cdnperf.com/tools/cdn-latency-benchmark

Wonder what would be the right way to test that ?
I am sure there is a better way and better tools.

@BBcan177 and others pls

NogBadTheBad

Accessing your local network how exactly ?

It is just a matter of rule order.

chudak

@NogBadTheBad via OpenVPN

NogBadTheBad

@chudak

Then just put your ovpn rule above your pfblocker rules.

chudak

@NogBadTheBad
My pfBNG rules are floating

But one part of the question is how to make it, and not less important how to test it from the US and what tools to use?

NogBadTheBad

Why floating rules, do you have loads of interfaces?

Don't use floating rules and sort out the order of your inbound rules will fix it.

chudak

@NogBadTheBad

What's wrong with using floating rules ?

Again regardless this, say you disabled pfBNG all together - what is a good way to test connectivity from other countries ?

NogBadTheBad

Floating rules are processed first, it’s easier to tweak your rules if you use normal rules.

There really no way to test without getting your traffic to appear that it originated from that country, a vpn would do this but it would be tricky to test a vpn over a vpn.

chudak

@NogBadTheBad

Let's simply the use case, no VPN

Have you tried these tools: https://www.uptrends.com/tools/traceroute and https://www.cdnperf.com/tools/cdn-latency-benchmark

What did you get? You trust the results ?

NogBadTheBad

@chudak said in Make sure good connectivity from other countries:

https://www.uptrends.com/tools/traceroute

Well thats just testing ICMP not OpenVPN.

I block all IPv4 ICMP to my WAN interface.

chudak

@NogBadTheBad said in Make sure good connectivity from other countries:

@chudak said in Make sure good connectivity from other countries:

https://www.uptrends.com/tools/traceroute

Well thats just testing ICMP not OpenVPN.

I block all IPv4 ICMP to my WAN interface.

How do you test then access from other countries ?

NogBadTheBad

You cant without being there.

Don’t use floating rules and sort the order of the WAN rules like I suggested.

chudak

@NogBadTheBad said in Make sure good connectivity from other countries:

You cant without being there.

Don’t use floating rules and sort the order of the WAN rules like I suggested.

I remember now (after trying again) why I had floating rules option selected.

If I un-check "Floating Rules" and place my rules above pfBNG's rules then on update my order is not preserved, pfBNG rules placed on top again. IIRC @BBcan177 had some reasoning for it.

I guess question for you is - is your rule order is preserved after update? If yea, maybe I missing some setting somewhere.

Thx

NogBadTheBad

You can drag the rules to suit, they are only re ordered when you add new rules or modify.

Also you can define how they're added:-

Or you could use pfBlockerNG to create aliases then roll your own firewall rules.