Access to brand new build via the internet
-
Hey guys,
Finally got my set up built and complete with "PFSense" and it's all up and running, it's great! I've watched hours of YouTube videos on it, but just have a couple of questions please...
I could get access to the web page via the internet, and had to manual add a block to port 443.
I used shields up to check for open ports and there a few blue Microsoft ones that are "closed" and there was also 80,443.
Have I opened something up on the WAN side of things? ports were closed but web page accessible.
Thanks again
-
Make sure to check/test external, don't test your WAN for open ports from the LAN side.
pfSense default is no open WAN ports.-Rico
-
Thanks, I'd been testing it using "Shieldsup" it tests from there web site to the WAN, I used a VPN using "opera web browser" and when I used my external IP address with :443 on the end I could get access to the web page even though my IP was USA somewhere....
-
Show your configuration, Firewall Rules and so on.
-Rico
-
Thanks, Here's a couple of pics....
-
Ouch! That any-any TCP Floating Rule with no Interface selected is leaving your Firewall wide open!! Delete that!
As a pfSense beginner don't do any Floating Rules, work with Interface Rules. Don't touch the WAN Rules if you don't have to, the pfSense defaults are 100% secure with anything closed.
What is this 'online' tab about? Interface group?
Keep your stuff simple and clean!-Rico
-
Thanks for that, I had my suspicion when you asked me to have another look at the rules.
I deleted the online group as that was nothing, and I just deleted the rules that I created for 443,80 and tried access the web page from a VPN and wallah! blocked.
Thanks so much.
These blue ports I think when checking them are the samba server on a Pi that I have running....I think!
-
Some great docs about pfSense Firewall Basics, Processing order and so on: https://docs.netgate.com/pfsense/en/latest/firewall/index.html
More in depth: https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html
In depth Floating Rules: https://docs.netgate.com/pfsense/en/latest/book/firewall/floating-rules.html - while reading you'll notice why I'd not recommend them to use as pfSense rookie.
-Rico
-
excellent, I shall make a cup of coffee and knuckle down with some reading.!
Thanks again
