1. Home
  2. pfSense® Software
  3. Firewalling
  4. [SOLVED] No access with a copied rule

[SOLVED] No access with a copied rule

  • W

    I am applying the first rules in pfSense.
    With the any / any rule I can navigate smoothly and access a remote server with FTP.
    (In this image it is in yellow)
    I copy the rule for ports 80/443/21; I disable the first one and I can no longer browse or access FTP.
    Where am I wrong? I do not understand.!

    0
  • V

    It would be more essential to see a screenshot of what you have now, while it isn't working, than what you had befor.

    0
  • W

    What is there is in the post is the screenshot of the rules page.
    They are the first that I created, before there were no other rules.
    The rule in yellow, if enabled I can surf and do FTP.
    If I disable it I am stopped

    The first two rules are instead towards my server in the DMZ (Alias = LS1) and they always work.

    0
  • Raffi_

    If what you say is true, you clearly have an issue with the ports in your LAN rules. Does the computer on the network have a statically assigned IP? I don't see a rule allowing pfSense to provide DHCP services (ports 67/68) on the LAN without that any rule enabled. If you don't have a valid IP, nothing will work.

    If the IP is not your issue and you want to figure out which ports you need to open, go to Diagnostics/Packet capture. Run a continuous capture on the LAN with the count set to 0 so that it will run until you manually stop it. Try to connect to the FTP and then go back into the packet capture menu and manually stop it. Check the capture to see what ports are being used during that time. You can download that file to wireshark and then filter for your own IP to narrow things down.

    0
  • W

    Maybe I don't explain it well.
    My PC is connected with the DHCP provided by pfSense and I am connected to the pfSense WebConsole, as seen from the snapshot.

    With those rules activated, if I also activate the rule highlighted in yellow (TCP any / any), then I can surf the Internet from the browser.
    If I disable this one rule, from now on I can no longer surf the Internet.
    So the two TPC rules (from any / any to LAN Net / HTTP & HTTPS) don't work in pfSense.

    In other words, I have to replace the any / any rule in individual rules for different services.

    0
  • S

    Hello!

    DNS needs UDP?

    John

    2 DaddyGo 1 Reply
  • DaddyGo

    @serbus

    perfectly true, this is the default LAN (yellow) rule(s) IPv4 * and IPv6 *
    the rest is TCP only

    0
  • W

    True, DNS goes over UDP and beyond FTP I have to open SSH since it is an SFTP connection.
    Now everything works.
    Thanks friends.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy