WAN open ports problem
-
Hi, sorry for posting this, but I am having a hard time making the whitelist work properly.
I have some WAN ports open and configured in the NAT section (Forwarding).
Since one client asked me to block all incoming connections from other parts of the world except Mexico, I installed pfBlockerNG and denied all incoming traffic for the rest of the world.
But I have some VPS (4) in North America that need to access the open ports.
I have been reading about the IPv4 section and created an alias list there, but I am doing something wrong since it is not working, not even in Alias Native. Even moving a custom rule I have created to the top does not work.
Hope you can help me with this.
Thanks.
-
Did you run the pfBlocker update so it would generate the lists and aliases?
When you configured the NAT forwarding did you use a pfBlocker alias as the source or is the source Any?
Perhaps, post screenshots of your NAT forward and the relevant firewall rules.
-
Thank you for your response.
I looked it up and my rule containing the pfB_AllowList was moved all the way down. I have reassigned it to the top but it does not work either.
If I put my cursor over pfB_AllowList it shows the IP address I want to be whitelisted. The source in the NAT config is Any.
Added NAT forward and firewall rules.
-
@manuelgop The pfBlocker rules are reordered when a pfBlocker update runs, according to the "Firewall 'Auto' Rule Order" setting on the IP tab. [edit: the IP tab in pfBlockerNG]
States value of 0/0B generally means the rule is not seeing any traffic. Are you connecting using port 80 or HTTPS?
-
@teamits
I am trying using port 80.
-
@teamits
If I go to the firewall log I can see my "whitelisted" IP blocked by the pfB_NAmerica_v4 rule using port 80.
-
@manuelgop Did you apply the changes after reordering the rules? They apply in order, though as I said pfBlocker might reorder them.
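-
The rule-order point from the replies above, as an added example that is not part of the original thread: a simplified first-match model of the WAN rule list showing why an allow rule placed below a GeoIP block rule never sees traffic, plus a check that flags such shadowed pass rules. The alias names come from the thread; the addresses (documentation ranges), rule descriptions and helper functions are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for the real addresses.
ALIASES = {
    "pfB_AllowList": ["203.0.113.10/32", "203.0.113.11/32"],   # the VPS hosts
    "pfB_NAmerica_v4": ["203.0.113.0/24", "198.51.100.0/24"],  # GeoIP block list
}

def in_alias(ip, alias):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ALIASES[alias])

def evaluate(rules, src_ip, dst_port):
    """Return (action, description) of the first matching rule; default deny."""
    for action, src_alias, port, descr in rules:
        if in_alias(src_ip, src_alias) and port in (dst_port, None):
            return action, descr
    return "block", "default deny"

def shadowed_passes(rules):
    """Find pass rules whose sources are fully covered by an earlier block rule."""
    found = []
    for i, (action, src, port, descr) in enumerate(rules):
        if action != "pass":
            continue
        nets = [ipaddress.ip_network(n) for n in ALIASES[src]]
        for b_action, b_src, b_port, b_descr in rules[:i]:
            # A block rule shadows only if it covers the same port (None = any).
            if b_action != "block" or b_port not in (port, None):
                continue
            blockers = [ipaddress.ip_network(n) for n in ALIASES[b_src]]
            if all(any(n.subnet_of(b) for b in blockers) for n in nets):
                found.append((descr, b_descr))
                break
    return found

# Hypothetical WAN rule lists: (action, source alias, destination port, description)
BLOCK_FIRST = [
    ("block", "pfB_NAmerica_v4", None, "pfB_NAmerica_v4 auto rule"),
    ("pass", "pfB_AllowList", 80, "allow VPS to port 80"),
]
ALLOW_FIRST = [BLOCK_FIRST[1], BLOCK_FIRST[0]]

if __name__ == "__main__":
    print(evaluate(BLOCK_FIRST, "203.0.113.10", 80))  # blocked before the allow rule is reached
    print(evaluate(ALLOW_FIRST, "203.0.113.10", 80))  # allow rule matches first
    print(shadowed_passes(BLOCK_FIRST))
```

A pass rule reported by `shadowed_passes` corresponds to the 0/0B states symptom mentioned above: the rule exists but no traffic ever reaches it.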