Alias configuration



  • I am trying to set up one computer to access IRC but I don't want the others to have access to IRC. I thought the way to do this was to configure aliases? It just does not seem to work for me. Does anyone know how to do this?

    Also FTP does not seem to be configured right. I cannot update my FreeBSD server unless I connect to a VLAN with less strict rules. I got HTTPS, HTTP, DNS, IRC, and a VoIP device configured right.

    Do you guys need screen shots of my pfSense config?


  • Rebel Alliance Developer Netgate

    There is not a lot of information in your post to formulate a reply or any meaningful suggestions. At the very least we need to know exactly what you have tried in terms of firewall rules, and what showed up in the firewall logs when you tried something that didn't work.



  • Here is my firewall configuration. I should have made the images a little smaller.



  • This is the alias configuration.



  • Here are the firewall rules.



  • Jimp, I will attempt to set this up again and check the logs this time to see errors.

    @jimp:

    There is not a lot of information in your post to formulate a reply or any meaningful suggestions. At the very least we need to know exactly what you have tried in terms of firewall rules, and what showed up in the firewall logs when you tried something that didn't work.


  • Rebel Alliance Developer Netgate

    The "source" on the IRC rule should be set to "single host or alias" and then you type "irc_clients" into that box.

    You just need to make sure you don't have a more permissive "pass all" rule below that, or you have a rule right below it that says to block from any to any port = 6667.



  • Here is the log from the firewall rules:

    May 23 14:05:36  LAN  192.168.50.51:56577  66.184.117.12:6667  TCP:S

    I see that the port numbers don't match from the client to router.
    Shouldn't the client be coming from port 6667 not 56577?

    @jimp:

    The "source" on the IRC rule should be set to "single host or alias" and then you type "irc_clients" into that box.

    You just need to make sure you don't have a more permissive "pass all" rule below that, or you have a rule right below it that says to block from any to any port = 6667.


  • Rebel Alliance Developer Netgate

    No.  Client source ports are randomized on every recent OS. You only want to match the destination port.



  • I enabled the irc_clients and selected "single host or alias". Now is that for the "source" and "destination" both or just the destination?

    Here is the whole rules screen:



  • Here is the other screen:


  • Rebel Alliance Developer Netgate

    irc_clients is only the source. The destination is the server, mostly that should be "any" but if you want to restrict that to only a specific server, that is what would go there.
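
The advice in the replies above (alias as source only, match the destination port and not the source port, keep a block for port 6667 ahead of any broader pass rule), as an added example that is not part of the original thread or of pfSense itself. It is a simplified first-match model of LAN rules, IPv4 only; the alias contents, the second host 192.168.50.60 and the rule lists are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed alias table; the thread's log shows 192.168.50.51 as the IRC client.
ALIASES = {"irc_clients": ["192.168.50.51"]}

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: str                         # "any", an alias name, or an address/CIDR
    dst: str = "any"
    dst_port: Optional[int] = None   # None matches any port
    src_port: Optional[int] = None

def addr_match(spec, ip):
    if spec == "any":
        return True
    nets = ALIASES.get(spec, [spec])  # expand an alias, else treat as address/CIDR
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)

def parse_log(line):
    """Parse 'date time  IF  src:port  dst:port  PROTO', the layout shown in the thread."""
    src, dst = line.split()[-3:-1]
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return sip, int(sport), dip, int(dport)

def evaluate(rules, line):
    """Top-down, first matching rule wins; no match falls through to default deny."""
    sip, sport, dip, dport = parse_log(line)
    for r in rules:
        if (addr_match(r.src, sip) and addr_match(r.dst, dip)
                and r.dst_port in (None, dport) and r.src_port in (None, sport)):
            return r.action
    return "block"

LOG = "May 23 14:05:36  LAN  192.168.50.51:56577  66.184.117.12:6667  TCP:S"    # from the thread
OTHER = "May 23 14:06:10  LAN  192.168.50.60:49822  66.184.117.12:6667  TCP:S"  # constructed
IRC = Rule("pass", "irc_clients", dst_port=6667)
FIXED = [IRC, Rule("block", "any", dst_port=6667), Rule("pass", "any")]
LEAKY = [IRC, Rule("pass", "any")]  # pass-all below, no block: every host reaches IRC
SRC_PORT = [Rule("pass", "irc_clients", dst_port=6667, src_port=6667)]  # never matches

if __name__ == "__main__":
    for name, rules in (("FIXED", FIXED), ("LEAKY", LEAKY), ("SRC_PORT", SRC_PORT)):
        print(name, "client:", evaluate(rules, LOG), "other host:", evaluate(rules, OTHER))
```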



  • It is now working!!!! Thank you so much!!!!
    pfSense is great; that is why I stuck with it even though it has been difficult for me.
    I did not study computers in school but I now work in the IT field.

