Firewall rules



  • Hey guys,

    I have this setup:

    Internet –- Modem --- (public IP) PFSense (IP allocation) --- (remaining IP allocations) ISA Server (internal subnet) --- Clients

    The ISA server is basically controlling our client internet permissions, routing for our internal network, and will route external users to the relevant web servers etc using listeners (ISA use is a decision from management)

    • I'm pretty new with pfSense - probably a silly question... well most likely... but if i disable NAT so i can route my public IPs through the pfSense interfaces, will i need to manually create a firewall rule to route traffic entering the WAN connection to pfSense's internal interface (one of my IP allocations)??

    • when would i use the firewalling rules on the WAN interface instead of the LAN interface for example?
      If i was to open ports for users to gain access to websites on 80/443 for example, i would assume this is done on the LAN interface right?

    Many thanks in advance.



  • Can anyone help…?



  • Each Interface represents data comming passing in.

    The WAN firewall rules will allow you to make WAN exceptions for incomming traffic from the outside.
    The LAN firewall fules will allow your clients on your trusted network pass data to the next gateway.

    So if you want clients on the LAN to access websites then a rule needs to be created allowing that traffic to pass to the next gateway, which is in place by default.



  • Ahh ok… thanks for that tommyboy.
    So lan outgoing access is specified in the LAN firewall rules, and webserver rules on my lan for webusers to access need rules in the WAN rules, if i'm understanding...?

    Thanks again!



  • Correct.


Log in to reply