Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    (Newbie) How "Works out of box" is it?

    General pfSense Questions
    5
    8
    2977
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rnsc last edited by

      Is PFSense a good match for me?

      I need someone else who knows what they are doing to provide the firewall rules that will keep me safe (preferably with an update once in a while).  I would use the GUI to do stuff assuming that it would create the appropriate rules to have it work and be safe.  This of course would be subject to "you get what you ask for", that is if I forward port 139 to an unpatched Windows 95 machine, I get what I deserve.  I am also perfectly OK doing command-line stuff (and in fact do all day).

      I see lots of discussion about doing fancy things with rules etc., but have not found any indication of what you get "Out of the Box".

      I have used smoothwall and clarkconnect for years, but they each have rather arbitrary limitations in functionality that get in my way.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • GruensFroeschli
        GruensFroeschli last edited by

        Out of the box you get:

        • DHCP on LAN
        • Firewall rule allowing the LAN to the WAN
        • NAT enabled to NAT outbound traffic from the LAN to the WAN.
        • Block everything on the WAN.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • M
          mhab12 last edited by

          My "Out of the box" experiences with pfSense have been a lot like any off the shelf Linksys or equivalent router.  Just as GF explained in detail - it will "just work" for the vast majority of installations.  Port forwarding is easy and safe, assuming you don't remove or disable the default "block everything on the WAN".  Good luck.

          1 Reply Last reply Reply Quote 0
          • R
            rnsc last edited by

            If I want to make segregated internal networks to keep Windows machine and XBox's safely blockaded from my Linux network, will I be writing firewall rules or pushing buttons?  I don't know what rules to write!  I can tell that PFSense is a great convenience for people who know what rules to write.  Is it also suitable for people who want to "Create a safe, isolated wireless net" or "create a DMZ" and have it created with nominally appropriate rules?

            1 Reply Last reply Reply Quote 0
            • M
              mhab12 last edited by

              You'll only need to be typing IPs or subnet masks.  Spend 15 minutes and install a copy and give it a try.  It's easy.

              1 Reply Last reply Reply Quote 0
              • Cry Havok
                Cry Havok last edited by

                What you're saying makes it sound like you'll need a third interface (OPT1).  Put all your untrusted hosts on that interface.  Then it's a matter of how you want to do it.  The simplest approach (not the most secure) would be to block all traffic on that interface going to the LAN, but allow all other traffic.

                1 Reply Last reply Reply Quote 0
                • R
                  rnsc last edited by

                  Thank you all, it does sound like what I was looking for (You will just by typing in IP addresses and netmasks… Try it, it is easy).  Indeed I will.

                  1 Reply Last reply Reply Quote 0
                  • V
                    Vorkbaard last edited by

                    So how was your experience?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post