Netgate Discussion Forum

    Which Port Numbers to open from LAN to WAN?

      UltraLinuz

      My local network has three zones: DMZ, LAN, WIFI

      The network from and to the DMZ is very much restricted to the services that are required by the server in that area
      The WIFI can only go to the WAN port but can do more or less whatever god has forbidden
      The LAN consists of several local servers that can only connect to the outside world for the services needed, but there are several PCs in the LAN that want to be able to access the internet for web browsing etc.

      In principle I do not want to allow any traffic from these PCs to the internet, but it looks like I've somehow set the ports that allow communication to the outside world too strict. Could somebody give me advice on which ports to really open, or what a good strategy is? A link to a proper article is of course also highly appreciated.

      « edit by Gruensfroeschli for readability »

        jigpe

        You need 80,443,53 for HTTP

        jigp
        pfSense 1.2.x Davao City

          Cry Havok

          The ports you need to open depend on what you mean by "etc" ;)

          I'd suggest you start by leaving it fully locked down and install Squid to control the web browsing.  Then identify the "etc" part and open ports accordingly.

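The approach suggested in the post above (stay locked down, then find out what the "etc" really is) can be driven from the firewall's own block log. This is an added example, not part of the original thread: the log layout, the interface name `em1`, the addresses and the function names are all assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in a tcpdump-like layout:
#   "<action> in on <iface>: src.port > dst.port:"
# The layout is an assumption; adjust PATTERN to what your firewall actually logs.
SAMPLE_LOG = """\
Jan 10 09:00:01 pf: rule 60/0(match): block in on em1: 192.168.1.20.51000 > 203.0.113.5.443: S
Jan 10 09:00:02 pf: rule 60/0(match): block in on em1: 192.168.1.20.51001 > 203.0.113.5.443: S
Jan 10 09:00:05 pf: rule 60/0(match): block in on em1: 192.168.1.21.40000 > 198.51.100.7.53: UDP
Jan 10 09:00:09 pf: rule 60/0(match): block in on em1: 192.168.1.22.50500 > 198.51.100.9.3389: S
Jan 10 09:00:11 pf: rule 12/0(match): pass in on em1: 192.168.1.20.51002 > 203.0.113.5.80: S
Jan 10 09:00:12 pf: rule 61/0(match): block in on em0: 203.0.113.77.4444 > 192.0.2.1.22: S
"""

PATTERN = re.compile(
    r"(?P<action>block|pass) in on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def blocked_ports(log_text, lan_iface):
    """Count blocked attempts per destination port seen on one interface."""
    ports = Counter()
    hosts = {}
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        # Ignore unparsable lines, passed traffic, and other interfaces (e.g. WAN noise).
        if not m or m["action"] != "block" or m["iface"] != lan_iface:
            continue
        dport = int(m["dport"])
        ports[dport] += 1
        hosts.setdefault(dport, set()).add(m["src"])
    return ports, hosts

def candidates(log_text, lan_iface, already_open):
    """Blocked destination ports not yet allowed, most frequent first,
    with the LAN hosts that asked for them, for a human to review."""
    ports, hosts = blocked_ports(log_text, lan_iface)
    return [(p, n, sorted(hosts[p]))
            for p, n in ports.most_common() if p not in already_open]

if __name__ == "__main__":
    for port, count, srcs in candidates(SAMPLE_LOG, "em1", {80}):
        print(f"port {port}: {count} blocked attempt(s) from {', '.join(srcs)}")
```

The output is a review list, not a rule set: each port still needs a decision about whether the requesting host should be allowed to use it at all.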
            jigpe

            Havok: I have 80,443,53 and ftp. 4 ports. Why is it that I could do VPN+RemoteDesktop and etc. virtually... Any idea how to get rid of this? Thanks

            jigp
            Davao City pfsense 1.2.2

              Cry Havok

              What kind of VPN - OpenVPN, IPsec or PPTP?  Remember that rules apply separately to each interface, that IPsec and PPTP are separate logical interfaces and need their own rules and that the OpenVPN interface can't be filtered in 1.2.2.

                jigpe

                "What kind of VPN - OpenVPN, IPsec or PPTP?  Remember that rules apply separately to each interface, that IPsec and PPTP are separate logical interfaces and need their own rules and that the OpenVPN interface can't be filtered in 1.2.2."

                Does it work on 1.2.3RC2? 2.0 is tempting but I'm still exploring it there... Also Havok, I'm not sure about the ports to open though… 443,80,53 is okay, right?

                jigp
                Davao City

                  Cry Havok

                  I'm not sure about 1.2.3 onwards - you'll have to try searching the forum for the latest information.

                  Those ports are "ok" if those are the only ports you require.  Only you can know the answer to that.

                    jigpe

                    Thank you Havok :)

                    Good morning :)

                    jigp
                    1.2.x

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.