Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access to brand new build via the internet

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 2 Posters 744 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Datastream101D Offline
      Datastream101
      last edited by

      Hey guys,

      Finally got my set up built and complete with "PFSense" and it's all up and running, it's great! I've watched hours of YouTube videos on it, but just have a couple of questions please...

      I could get access to the web page via the internet, and had to manual add a block to port 443.

      I used shields up to check for open ports and there a few blue Microsoft ones that are "closed" and there was also 80,443.

      Have I opened something up on the WAN side of things? ports were closed but web page accessible.

      Thanks again

      1 Reply Last reply Reply Quote 0
      • RicoR Offline
        Rico LAYER 8 Rebel Alliance
        last edited by

        Make sure to check/test external, don't test your WAN for open ports from the LAN side.
        pfSense default is no open WAN ports.

        -Rico

        1 Reply Last reply Reply Quote 0
        • Datastream101D Offline
          Datastream101
          last edited by

          Thanks, I'd been testing it using "Shieldsup" it tests from there web site to the WAN, I used a VPN using "opera web browser" and when I used my external IP address with :443 on the end I could get access to the web page even though my IP was USA somewhere....

          1 Reply Last reply Reply Quote 0
          • RicoR Offline
            Rico LAYER 8 Rebel Alliance
            last edited by

            Show your configuration, Firewall Rules and so on.

            -Rico

            1 Reply Last reply Reply Quote 1
            • Datastream101D Offline
              Datastream101
              last edited by

              Thanks, Here's a couple of pics....

              19-09-2020 09-57-42.jpg

              19-09-2020 09-58-42.jpg

              1 Reply Last reply Reply Quote 0
              • RicoR Offline
                Rico LAYER 8 Rebel Alliance
                last edited by

                Ouch! That any-any TCP Floating Rule with no Interface selected is leaving your Firewall wide open!! Delete that!
                As a pfSense beginner don't do any Floating Rules, work with Interface Rules. Don't touch the WAN Rules if you don't have to, the pfSense defaults are 100% secure with anything closed.
                What is this 'online' tab about? Interface group?
                Keep your stuff simple and clean!

                -Rico

                1 Reply Last reply Reply Quote 1
                • Datastream101D Offline
                  Datastream101
                  last edited by

                  Thanks for that, I had my suspicion when you asked me to have another look at the rules.

                  I deleted the online group as that was nothing, and I just deleted the rules that I created for 443,80 and tried access the web page from a VPN and wallah! blocked.

                  Thanks so much.

                  These blue ports I think when checking them are the samba server on a Pi that I have running....I think!

                  19-09-2020 10-34-49.jpg

                  1 Reply Last reply Reply Quote 0
                  • RicoR Offline
                    Rico LAYER 8 Rebel Alliance
                    last edited by Rico

                    Some great docs about pfSense Firewall Basics, Processing order and so on: https://docs.netgate.com/pfsense/en/latest/firewall/index.html
                    More in depth: https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html
                    In depth Floating Rules: https://docs.netgate.com/pfsense/en/latest/book/firewall/floating-rules.html - while reading you'll notice why I'd not recommend them to use as pfSense rookie. 🤓

                    -Rico

                    1 Reply Last reply Reply Quote 1
                    • Datastream101D Offline
                      Datastream101
                      last edited by

                      excellent, I shall make a cup of coffee and knuckle down with some reading.!

                      Thanks again

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.