Help with newbie and firewall



  • I will start by prefacing that I know very little about firewalls and networks.

    I am running pfsense to test out some ideas and I am running into some firewall issues that I have not been able to work out.

    Here is the setup

    pfsense has three NICs: LAN, WAN and opt1

    internet--------router2---------------------------Workstation3(opt1)
                                                                            |
                                                  ---------------pfsense-----------Workstation1 (LAN)
                                                  |
      internet--------modem (sat)-------router1---------------------------Workstation2(LAN)

    This is set up this way so that I don't have to disrupt the home network while testing the LAN to WAN connection through pfsense.

    Simplified it is really this that I am working on

    router2---------------------------Workstation3(opt1)
                          |
                        pfsense-----------Workstation1 (LAN)

    So WS1 has pfsense as its gateway
    WS2 has router2 as its gateway to the internet
    router1 has a static route to pfsense to allow WS2 to see opt1 subnet. (part of a separate test)
    WS1 can see (ping, share files etc) with WS3 on opt1
    WS3 can see (ping, share files etc) with WS1 on LAN

    Now my question
    How do I stop it from working?
    Where do I set up the firewall rules to say only allow FTP from LAN to opt1?
    WS3 has an FTP server running and so far everything I have tried has not worked in preventing it from working and/or restricting it to FTP only.

    Here is what I have set up for the opt1 firewall - it blocks everything, but nothing is really being blocked as I can still connect from both WS1 and WS2 (with static route enabled).

    Thanks

    Mick




  • Yes, I had a block all to try and stop it working, but it still worked.

    How would I be circumventing controls by pfsense?

    There is no bridging of interfaces. WS3 uses pfsense as the gateway so it can get to WS1 (and WAN for the test). It is a static IP only.

    It would appear that once a connection was made, further connections were allowed, even if the firewall was changed to prevent it.

    I have made some progress but still need clarification.

    Where do I put the rules to control the flow of data between opt1 and lan?
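As an added illustration (not Mick's configuration, and not a reply from the thread), the intent of the two posts written in pf rule syntax, which is what pfSense generates from the GUI rules; interface names and subnets are assumed. pfSense matches rules on the interface where the traffic enters the firewall, so LAN-to-opt1 restrictions belong on the LAN tab, and the second post's observation comes from the state table: sessions established before a rule change keep passing until their state expires or is reset.

```pf
# Assumed interface names and subnets (placeholders, not from the thread).
lan_if   = "em1"
opt1_if  = "em2"
lan_net  = "192.168.1.0/24"
opt1_net = "192.168.2.0/24"

# pfSense evaluates rules first-match ("quick") on the interface where the
# packet enters the firewall. Traffic from WS1 to WS3 enters on LAN, so the
# LAN rules decide whether it passes; rules on OPT1 never see that direction.

# LAN -> OPT1: permit only the FTP control channel (tcp/21), block all else.
# "keep state" lets the server's replies return without a separate OPT1 rule.
pass  in quick on $lan_if proto tcp from $lan_net to $opt1_net port 21 keep state
block in quick on $lan_if           from $lan_net to $opt1_net

# OPT1 -> LAN: this direction enters on OPT1, so it is governed here.
# WS3 should not be able to open anything towards the LAN.
block in quick on $opt1_if from $opt1_net to $lan_net

# Sessions that already have a state entry keep matching it after the rules
# change. To make a new block rule bite immediately, clear the state table
# (Diagnostics > States > Reset States in the GUI, or from a shell):
#   pfctl -F states
```

FTP negotiates a second data connection; in passive mode that is a server-chosen high port, so a pass rule for port 21 alone lets the login through but not listings or transfers, and the server's passive port range needs its own pass rule (or an FTP proxy helper).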
