Netgate Discussion Forum

Help with newbie and firewall

    znelbok
    last edited by May 1, 2009, 10:20 PM

    I will start by prefacing that I know very little about firewalls and networks.

    I am running pfsense to test out some ideas and I am running into some firewall issues that I have not been able to work out.

    Here is the setup

    pfsense has three NICs: LAN, WAN and opt1

    internet--------router2---------------------------Workstation3(opt1)
                                                                            |
                                                  ---------------pfsense-----------Workstation1 (LAN)
                                                  |
      internet--------modem (sat)-------router1---------------------------Workstation2(LAN)

    This is set up this way so that I don't have to disrupt the home network while testing the LAN to WAN connection through pfsense.

    Simplified, it is really this that I am working on:

    router2---------------------------Workstation3(opt1)
                          |
                        pfsense-----------Workstation1 (LAN)

    So WS1 has pfsense as its gateway
    WS2 has the router2 as its gateway to the internet
    router1 has a static route to pfsense to allow WS2 to see opt1 subnet. (part of a separate test)
    WS1 can see (ping, share files etc) with WS3 on opt1
    WS3 can see (ping, share files etc) with WS1 on LAN

    Now my question
    How do I stop it from working?
    Where do I set up the firewall rules to say only allow ftp from LAN to opt1?
    WS3 has an ftp server running, and so far everything I have tried has not worked in preventing it from working and/or restricting it to ftp only.

    Here is what I have set up for the opt1 firewall - it blocks everything, but nothing is really being blocked, as I can still connect from both WS1 and WS2 (with static route enabled)

    Thanks

    Mick

    fwrule1.JPG

      znelbok
      last edited by May 2, 2009, 9:31 PM

      Yes, I had a block all to try and stop it working, but it still worked.

      How would I be circumventing controls by pfsense?

      There is no bridging of interfaces. WS3 uses pfsense as the gateway so it can get to WS1 (and WAN for the test). It is a static IP only.

      It would appear that once a connection was made, further connections were allowed, even if the firewall was changed to prevent it.

      I have made some progress but still need clarification.

      Where do I put the rules to control the flow of data between opt1 and lan?
