Netgate Discussion Forum

    Identify and open ports required for client outgoing traffic?

    • MolarBear

      Hi all, I'm a pfSense newbie so please bear with me.

      I have an SG-1100 which is then connected to our network and wifi access points. I work at a dental practice/office in the UK. We have some (Italian) dental equipment that connects via WIFI, then connects to the manufacturer's servers. We can then control the devices via an app on an iPhone/iPad. The problem I'm having is that our dental equipment cannot communicate with the manufacturer's server. If I take out the pfSense and put in a consumer/residential router, or tether the dental equipment via my phone as a hotspot then everything works fine, and they can communicate with the manufacturer's server. It's only when I put them on the network with the pfSense they can't get onto the internet and communicate with the manufacturer's server. The devices are getting allocated IPs via DHCP properly too, as I've checked their config pages. They're pingable via the pfSense LAN.

      All our PCs/phones etc work absolutely fine with no configuration. I've opened up the ports/firewall rules as per the manufacturer's instructions but this doesn't seem to do anything - the UK manufacturers seem rather clueless in exactly what ports I need to open and have just repeated what their colleagues in Italy have told them to do - but they don't know much about it themselves. Is there a way on pfSense I can see which ports are required to be opened by the device IPs and which ports are being blocked? Many thanks!

      • johnpoz LAYER 8 Global Moderator

        Well, out of the box ALL ports are allowed outbound in pfSense.

        Are you running IPS, Proxy, pfBlocker?

        What is not working - is it not resolving?

        We just ran into a problem where a user was saying Facebook wasn't working - but if he connected to his normal router it worked. You know what it was.. With pfSense he was using OpenDNS, his normal router was not.. OpenDNS was blocking where he was trying to go via DNS..

        Without some actual details it's not possible to help you figure out what the problem is... But out of the box pfSense blocks no outbound traffic.. And should resolve any DNS on its own, etc..

        So part of the process of this device connecting to some server on the internet is not working... Sniff on pfsense could help you figure that out. Diagnostic, packet capture.

        You could look in the state table on pfsense for the IP of this device - and see what states are not completed.. etc..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
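
The state-table check suggested in the reply above, as an added example that is not part of the original thread. It assumes the `pfctl -ss` line layout described in its comments (IPv4 only); the function names, interface labels and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): list outbound flows from one device
# that never got an answer, reading `pfctl -ss` text on stdin.
# Assumed line layout, IPv4 only:
#   <iface> <proto> <left> [(<pre-NAT source>)] <arrow> <right> <state>
# With "->" the initiator is on the left; with "<-" it is on the right.

unanswered_flows() {    # hypothetical helper; $1 = device IP
    awk -v ip="$1" '
    function host(ep) { gsub(/[()]/, "", ep); sub(/:[0-9]+$/, "", ep); return ep }
    {
        arrow = 0
        for (i = 3; i < NF; i++) if ($i == "->" || $i == "<-") arrow = i
        if (!arrow) next                      # not a state line
        if ($arrow == "->") { lo = 3; hi = arrow - 1; remote = $(arrow + 1) }
        else                { lo = arrow + 1; hi = NF - 1; remote = $3 }
        mine = 0                              # did the device open this flow?
        for (i = lo; i <= hi; i++) if (host($i) == ip) mine = 1
        if (!mine) next
        # SYN_SENT on either side: the TCP handshake never completed.
        # NO_TRAFFIC: a UDP packet went out and nothing came back.
        if ($NF ~ /SYN_SENT/)        print $2, remote, "no-syn-ack"
        else if ($NF ~ /NO_TRAFFIC/) print $2, remote, "no-reply"
    }' | sort -u                              # LAN and WAN states collapse to one line
}

# Constructed sample with documentation addresses, not real firewall output.
sample_states() {
    cat <<'EOF'
lan tcp 203.0.113.10:8443 <- 192.168.1.50:49152       CLOSED:SYN_SENT
wan tcp 198.51.100.2:61001 (192.168.1.50:49152) -> 203.0.113.10:8443       SYN_SENT:CLOSED
lan udp 192.168.1.1:53 <- 192.168.1.50:50000       MULTIPLE:MULTIPLE
lan udp 203.0.113.77:123 <- 192.168.1.50:50001       NO_TRAFFIC:SINGLE
lan tcp 198.51.100.80:443 <- 192.168.1.60:40000       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | unanswered_flows 192.168.1.50
```

On the firewall shell, `pfctl -ss | unanswered_flows <device IP>` gives the same summary for live states. A state only exists once a rule has passed the first packet, so a `no-syn-ack` row means the packet left the firewall and the reply never arrived.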

        • MolarBear

          Hi Johnpoz,

          Thanks, a very helpful reply! So I don't believe I have anything you mentioned activated (IPS, Proxy, pfBlocker), I'm using things just stock as they came. I am pretty new to standalone firewalls myself.

          So everything seems to work fine on any other device. No websites or anything as far as I know is being blocked. When we connect up our suction pump ( https://www.cattani.it/en/categorie-prodotti/micro-smart-en/ to give you an idea of what it looks like) we have to just give it the wifi details and it should then connect to the manufacturer server, and we should see it on the iPhone app. There's very limited tech support so I don't even know which server I would need to ping to check where the outgoing connections are going to.

          How would I go about using sniff to do the packet capture please? Is there any documentation or tutorial? And where is the state table? Happy to do a lot of reading if you could point me to the relevant menu in the dashboard. Thanks so much! :)

          • MolarBear

            I presume by sniff you mean diagnostics -> packet capture? I'll try that, and feed it into wireshark. I've only used wireshark really briefly before and I'm definitely no network whizz! Thanks!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.