Which Port Numbers to open from LAN to WAN?
My local network has three zones DMZ, LAN,WIFI
The network from and to the DMZ is very much restricted to the services that are required by the server in that area
The WIFI can only go to the WAN port but can do more or less whatever god has forbidden
The LAN consist of several local servers that can only connect to the outside world for the services needed, but there are several PC's in the LAN that want to be able to access the internet for webbrowsing etc.
In principle I do not want to allow any traffic from these PC's to the internet, but it looks like that I've somehow set the ports that allow communication to the outside world to strict. Could somebody give me advice which ports to really open or what a good strategy is? a link to a proper article is of course also highly appriciated.
« edit by Gruensfroeschli for readibility »
You need 80,443,53 for HTTP
pfSense 1.2.x Davao City
The ports you need to open depends on what you mean by "etc" ;)
I'd suggest you start by leaving it fully locked down and install Squid to control the web browsing. Then identify the "etc" part and open ports accordingly.
Havoc: I have 80,443,53 and ftp. 4 ports. Why is it that i could do VPN+RemoteDesktop and ETC Virtually.. Any idea how to get rid of this? Thanks
Davao City pfsense 1.2.2
What kind of VPN - OpenVPN, IPsec or PPTP? Remember that rules apply separately to each interface, that IPsec and PPTP are separate logical interfaces and needs their own rules and that the OpenVPN interface can't be filtered in 1.2.2.
"What kind of VPN - OpenVPN, IPsec or PPTP? Remember that rules apply separately to each interface, that IPsec and PPTP are separate logical interfaces and needs their own rules and that the OpenVPN interface can't be filtered in 1.2.2."
Does it work on 1.2.3RC2? 2.0 is tempting but im still exploring it there..Also Havok, Im not sure with the ports to open though…443,80,53 is okay right?
I'm not sure about 1.2.3 onwards - you'll have to try searching the forum for the latest information.
Those ports are "ok" if those are the only ports you require. Only you can know the answer to that.
Thank you Havok :)
Good morning :)