• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Access to brand new build via the internet

General pfSense Questions
2
9
571
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    Datastream101
    last edited by Sep 19, 2020, 7:47 AM

    Hey guys,

    Finally got my set up built and complete with "PFSense" and it's all up and running, it's great! I've watched hours of YouTube videos on it, but just have a couple of questions please...

    I could get access to the web page via the internet, and had to manual add a block to port 443.

    I used shields up to check for open ports and there a few blue Microsoft ones that are "closed" and there was also 80,443.

    Have I opened something up on the WAN side of things? ports were closed but web page accessible.

    Thanks again

    1 Reply Last reply Reply Quote 0
    • R
      Rico LAYER 8 Rebel Alliance
      last edited by Sep 19, 2020, 8:05 AM

      Make sure to check/test external, don't test your WAN for open ports from the LAN side.
      pfSense default is no open WAN ports.

      -Rico

      1 Reply Last reply Reply Quote 0
      • D
        Datastream101
        last edited by Sep 19, 2020, 8:11 AM

        Thanks, I'd been testing it using "Shieldsup" it tests from there web site to the WAN, I used a VPN using "opera web browser" and when I used my external IP address with :443 on the end I could get access to the web page even though my IP was USA somewhere....

        1 Reply Last reply Reply Quote 0
        • R
          Rico LAYER 8 Rebel Alliance
          last edited by Sep 19, 2020, 8:56 AM

          Show your configuration, Firewall Rules and so on.

          -Rico

          1 Reply Last reply Reply Quote 1
          • D
            Datastream101
            last edited by Sep 19, 2020, 9:00 AM

            Thanks, Here's a couple of pics....

            login-to-view

            login-to-view

            1 Reply Last reply Reply Quote 0
            • R
              Rico LAYER 8 Rebel Alliance
              last edited by Sep 19, 2020, 9:25 AM

              Ouch! That any-any TCP Floating Rule with no Interface selected is leaving your Firewall wide open!! Delete that!
              As a pfSense beginner don't do any Floating Rules, work with Interface Rules. Don't touch the WAN Rules if you don't have to, the pfSense defaults are 100% secure with anything closed.
              What is this 'online' tab about? Interface group?
              Keep your stuff simple and clean!

              -Rico

              1 Reply Last reply Reply Quote 1
              • D
                Datastream101
                last edited by Sep 19, 2020, 9:36 AM

                Thanks for that, I had my suspicion when you asked me to have another look at the rules.

                I deleted the online group as that was nothing, and I just deleted the rules that I created for 443,80 and tried access the web page from a VPN and wallah! blocked.

                Thanks so much.

                These blue ports I think when checking them are the samba server on a Pi that I have running....I think!

                login-to-view

                1 Reply Last reply Reply Quote 0
                • R
                  Rico LAYER 8 Rebel Alliance
                  last edited by Rico Sep 19, 2020, 9:43 AM Sep 19, 2020, 9:42 AM

                  Some great docs about pfSense Firewall Basics, Processing order and so on: https://docs.netgate.com/pfsense/en/latest/firewall/index.html
                  More in depth: https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html
                  In depth Floating Rules: https://docs.netgate.com/pfsense/en/latest/book/firewall/floating-rules.html - while reading you'll notice why I'd not recommend them to use as pfSense rookie. 🤓

                  -Rico

                  1 Reply Last reply Reply Quote 1
                  • D
                    Datastream101
                    last edited by Sep 19, 2020, 9:51 AM

                    excellent, I shall make a cup of coffee and knuckle down with some reading.!

                    Thanks again

                    1 Reply Last reply Reply Quote 0
                    1 out of 9
                    • First post
                      1/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.