Filter Bypass for 1 computer



  • Hi,

    We have an external application that sends information to a Government run database. This program requires us to bypass firewall filtering to make the program function properly.

    Previously, I could usually connect without any hassle using Untangle, which allowed me to bypass the firewall only for this particular host/application (192.168.1.10), but since I changed to pfSense I can't make the application function properly.

    I made the following rule on my WAN and LAN interfaces, but nothing seems to work. Here's my firewall rule (located at the top of the firewall rule set):

    *  192.168.1.10  *  *  *  *

    Could anyone help me fix the problem?

    Thank you for your attention.



  • Bump!

    I'm still stuck with this problem. I can't find good pointers when Googling either.

    Is this possible with pfSense?

    Please help.

    Thanks in advance.



  • If it's so critical you can't wait 6 hours for somebody to offer suggestions maybe you should look to the paid support offering.

    Yes, it can be done.  If you need help making it work please provide the IP addresses (and ports) of the endpoints that require unfiltered communication and screenshots of the firewall and port forwarding rules on both WAN and LAN.



  • @Cry:

    If it's so critical you can't wait 6 hours for somebody to offer suggestions maybe you should look to the paid support offering.

    Yes, it can be done.  If you need help making it work please provide the IP addresses (and ports) of the endpoints that require unfiltered communication and screenshots of the firewall and port forwarding rules on both WAN and LAN.

    Hi,

    Thank you for your reply!

    Sorry, it's not possible to subscribe to paid support at the moment. My previous subscription expired without my being able to use it. I just wish it were still valid at this time, though. :(

    The hosting government agency did not specify which ports to open, despite our point about security and all. They just require us to allow all traffic from the host's source IP (192.168.1.9) to their system to bypass the firewall.

    Firewall: LAN

    Action: PASS
    Proto: *  
    Source: 192.168.1.9  
    Port: *  
    Destination: *  
    Port: *  
    Gateway: *

    Action: PASS
    Proto: * 
    Source: LAN Net 
    Port: * 
    Destination: * 
    Port: * 
    Gateway: *

    Firewall: WAN

    Action: PASS (For the sake of testing I allowed everything to pass)
    Proto: * 
    Source: * 
    Port: * 
    Destination: * 
    Port: * 
    Gateway: *

    I have set both firewall rules at the TOP for WAN/LAN. Below those rules are only our inter-VLAN routing rules, which I think don't matter in this case. I hope this is enough.

    I don't have any port forwarding set up, since all transactions are merely sending database information from our local host (192.168.1.9), using a MySQL database, to the hosting agency's system.

    I have manual outbound NAT rule generation (Advanced Outbound NAT, AON) set for another subnet but have no NAT rules for the 192.168.1.0 subnet, as seen in the attached file. The two subnets are connected via an IPsec tunnel sending SIP traffic to the other end.

    I have a Cisco router in front of pfSense. Both the Cisco LAN interface and pfSense have private IPs. I have no problems with internet in this case.

    Hope you can help me.

    Best regards and more power!




  • Try creating NAT rules or re-enable AON.


  • Rebel Alliance Developer Netgate

    Is the IPsec tunnel on pfSense or the Cisco router?

    If it's on the Cisco, you probably also need to go to Interfaces > WAN and uncheck "block private networks"

