Help with newbie and firewall
-
I will start by prefacing that I know very little about firewalls and networks.
I am running pfsense to test out some ideas and I am running into some firewall issues that I have not been able to work out.
Here is the setup
pfsense has three NICs: LAN, WAN and opt1
internet--------router2---------------------------Workstation3(opt1)
|
---------------pfsense-----------Workstation1 (LAN)
|
internet--------modem (sat)-------router1---------------------------Workstation2(LAN)
This is set up this way so that I don't have to disrupt the home network while testing the LAN to WAN connection through pfsense.
Simplified it is really this that I am working on
router2---------------------------Workstation3(opt1)
|
pfsense-----------Workstation1 (LAN)
So WS1 has pfsense as its gateway
WS2 has the router2 with as its gateway to the internet
router1 has a static route to pfsense to allow WS2 to see opt1 subnet. (part of a separate test)
WS1 can see (ping, share files etc) with WS3 on opt1
WS3 can see (ping, share files etc) with WS1 on LAN
Now my question
How do I stop it from working?
Where do I set up the firewall rules to say only allow ftp from LAN to opt1?
WS3 has an ftp server running and so far everything I have tried has not worked in preventing it from working and/or restricting it to ftp only.
Here is what I have set up for the opt1 firewall - it blocks everything but nothing is really being blocked as I can still connect from both WS1 and WS2 (with static route enabled)
Thanks
Mick
-
Yes, I had a block all to try and stop it working, but it still worked.
How would I be circumventing controls by pfsense?
There is no bridging of interfaces. WS3 uses pfsense as the gateway so it can get to WS1 (and WAN for the test). It is a static IP only.
It would appear that once a connection was made, further connections were allowed, even if the firewall was changed to prevent it.
I have made some progress but still need clarification.
Where do I put the rules to control the flow of data between opt1 and lan?
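
Added example (not part of either post, and not pfSense code): a toy Python model of a stateful filter that checks rules on the interface where a connection enters, first match wins, which is how pfSense evaluates its per-interface rule tabs. It shows why a block-all on opt1 does not stop connections started from LAN, and why an already open connection survives a rule change. The subnets, host addresses and the allow-all rule on LAN are assumptions; the posts only name the interfaces.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the posts give interface names but no subnets.
LAN_NET, OPT1_NET = ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24")
ANY = ip_network("0.0.0.0/0")
WS1, WS3 = "192.168.1.10", "192.168.2.10"

class Firewall:
    """Toy stateful filter: rules are checked on the interface a packet enters."""
    def __init__(self, rules):
        self.rules = rules    # {ingress interface: [(action, src, dst, dport)]}
        self.states = set()   # flows that were already passed

    def handle(self, iface, src, dst, dport):
        flow = (src, dst, dport)             # simplified key, no source port
        if flow in self.states:              # state lookup comes before the rules
            return "pass (state)"
        for action, r_src, r_dst, r_port in self.rules.get(iface, []):
            if (ip_address(src) in r_src and ip_address(dst) in r_dst
                    and r_port in (None, dport)):   # None = any port
                if action == "pass":
                    self.states.add(flow)
                return action                # first match wins
        return "block"                       # nothing matched: default deny

    def reset_states(self):
        self.states.clear()

# Setup like the post's: block-all on opt1, LAN assumed to still allow everything.
BLOCK_ON_OPT1 = {"lan": [("pass", LAN_NET, ANY, None)],
                 "opt1": [("block", ANY, ANY, None)]}
# FTP control port (21) only from LAN to opt1, then block the rest of LAN -> opt1.
# FTP data connections are not modelled here.
FTP_ONLY = {"lan": [("pass", LAN_NET, OPT1_NET, 21),
                    ("block", LAN_NET, OPT1_NET, None),
                    ("pass", LAN_NET, ANY, None)],
            "opt1": [("block", ANY, ANY, None)]}

if __name__ == "__main__":
    fw = Firewall(BLOCK_ON_OPT1)
    print(fw.handle("lan", WS1, WS3, 445))   # pass: opt1 rules never consulted
    fw.rules = FTP_ONLY                      # tighten rules, states untouched
    print(fw.handle("lan", WS1, WS3, 445))   # pass (state): old flow survives
    fw.reset_states()
    print(fw.handle("lan", WS1, WS3, 445))   # block
    print(fw.handle("lan", WS1, WS3, 21))    # pass
    print(fw.handle("opt1", WS3, WS1, 445))  # block: WS3 cannot initiate
```

In pfSense terms, rules restricting LAN to opt1 traffic go on the LAN tab, above the general allow rule, and rules on the opt1 tab only govern connections that WS3 starts. Existing states have to be reset (Diagnostics > States) before a new block applies to connections that are already open.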