Netgate Discussion Forum
    Simple block of traffic to port 80 on webserver machine

Firewalling
mentalhemroids:

I haven't been able to get to my webserver behind the pfSense box; I've tried several different things. Now I am trying to block access to it from my LAN to my bridge, where it is located. I changed the setting to enable filtering on the bridge and set up a firewall rule to block all web traffic from one IP to the host IP for my website. I set up the rule on both my LAN and Bridge to block traffic, and now I can still get to my website. Just trying to figure out what to do; I'm running 1.0.1 and the filters seem to be reloading, so that's where I am.

      Anyone have any ideas?

hoba:

Please add an ASCII draft of your network setup. Also provide the exact rules you created for the blocked traffic.

mentalhemroids:

          @hoba:

Please add an ASCII draft of your network setup. Also provide the exact rules you created for the blocked traffic.

Is that something available in one of the system log files, or do I have to write it all out? Sorry, I'm still fairly new to pfSense, and firewalling is something I'm trying to learn the correct way to do.

          Thanks.

hoba:

You can copy/paste the firewall rules from the webGUI (Firewall > Rules). Concerning the ASCII diagram of your network, you simply have to whip it up yourself.

Oh, and maybe you haven't found this yet: http://pfsense.trendchiller.com/transparent_firewall.pdf (it's linked at pfsense.com, tutorials section).

mentalhemroids:

Okay, here are the rules (columns as in Firewall > Rules):

LAN
Proto     Source    Port       Destination   Port       Gateway   Description
TCP/UDP   10...17   80 (HTTP)  10...5        80 (HTTP)  *         Block 80 on primary
*         LAN net   *          *             *          *         Default Subnet -> Any

BRIDGE
Proto     Source    Port       Destination   Port       Gateway   Description
TCP/UDP   10...17   80 (HTTP)  10...5        80 (HTTP)  *         Block tcp port 80 from t40
*         LAN net   *          *             *          *         Default LAN -> any

Alright, here is my attempt at a network ASCII representation...

                                              10...17 (t40)
                                             /
                   LAN (Linksys wi-fi) - 10...#
                  /
WAN - pfSense (10.../24)
                  \
                   Bridge - 10...# - 10...5 (webserver)
                                   \
                                    10.*.#

              Does this help at all?  I have bridge filtering enabled; any other ideas on things I can do?

sai:

This is wrong:
Proto     Source    Port       Destination   Port       Gateway   Description
TCP/UDP   10...17   80 (HTTP)  10...5        80 (HTTP)  *         Block 80 on primary

To block access to a web server, your source port should be * (it is shown as 80).

This is correct:
Proto     Source    Port       Destination   Port       Gateway   Description
TCP/UDP   10...17   *          10...5        80 (HTTP)  *         Block 80 on primary

This rule will block access from 10...17 to the web server on 10...5.

Generally you will never specify the source port, only the destination port.

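Why sai's correction matters, as an added example that is not part of the thread: a client's TCP stack picks an ephemeral source port for each outgoing connection, so only the destination port is 80. A rule that pins the source port to 80 never matches a normal browser connection, and evaluation falls through to the "Default ... -> Any" pass rule. The snippet below models pfSense's first-match interface rules (each GUI rule is "quick", and nothing matching is blocked by default) and runs the poster's original rule set and the corrected one against a constructed flow. The addresses 10.0.0.17, 10.0.0.5 and 10.0.0.0/24 are assumed stand-ins for the thread's elided 10...17, 10...5 and "LAN net"; the evaluator is illustrative code, not pfSense's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

ANY = None                      # the "*" wildcard in the pfSense rules table
TCP_UDP = frozenset({"tcp", "udp"})

# Assumed stand-ins for the thread's elided addresses.
CLIENT = ip_network("10.0.0.17/32")     # the "t40" client, 10...17 in the thread
WEBSERVER = ip_network("10.0.0.5/32")   # the web server, 10...5 in the thread
LAN_NET = ip_network("10.0.0.0/24")     # "LAN net"


@dataclass(frozen=True)
class Rule:
    action: str                      # "block" or "pass"
    proto: Optional[FrozenSet[str]]  # e.g. TCP_UDP, or ANY
    src: Optional[IPv4Network]
    src_port: Optional[int]
    dst: Optional[IPv4Network]
    dst_port: Optional[int]
    description: str


@dataclass(frozen=True)
class Flow:
    proto: str
    src: IPv4Address
    src_port: int
    dst: IPv4Address
    dst_port: int


def matches(rule: Rule, flow: Flow) -> bool:
    """A wildcard (ANY) field matches anything; otherwise the field must match."""
    return (
        (rule.proto is ANY or flow.proto in rule.proto)
        and (rule.src is ANY or flow.src in rule.src)
        and (rule.src_port is ANY or flow.src_port == rule.src_port)
        and (rule.dst is ANY or flow.dst in rule.dst)
        and (rule.dst_port is ANY or flow.dst_port == rule.dst_port)
    )


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation, as pfSense applies interface rules.
    A flow matching no rule hits the implicit default deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.description
    return "block", "implicit default deny"


# The poster's original LAN rules: source port pinned to 80.
WRONG_RULES = [
    Rule("block", TCP_UDP, CLIENT, 80, WEBSERVER, 80, "Block 80 on primary"),
    Rule("pass", ANY, LAN_NET, ANY, ANY, ANY, "Default Subnet -> Any"),
]

# sai's correction: source port is the wildcard.
CORRECT_RULES = [
    Rule("block", TCP_UDP, CLIENT, ANY, WEBSERVER, 80, "Block 80 on primary"),
    Rule("pass", ANY, LAN_NET, ANY, ANY, ANY, "Default Subnet -> Any"),
]


def browser_flow(src_port: int = 51522) -> Flow:
    """Constructed sample flow: a browser on the client opening a page on the
    web server. The OS picks an ephemeral source port; only the destination
    port is 80."""
    return Flow("tcp", ip_address("10.0.0.17"), src_port, ip_address("10.0.0.5"), 80)


if __name__ == "__main__":
    flow = browser_flow()
    print("original rules:", evaluate(WRONG_RULES, flow))    # ('pass', 'Default Subnet -> Any')
    print("corrected rules:", evaluate(CORRECT_RULES, flow))  # ('block', 'Block 80 on primary')
```

Two practical checks go with this. First, the only flow the original rule would ever catch is one whose source port happens to be 80, which a client browser never uses, so the rule is effectively dead. Second, pf is stateful: a newly added block rule does not terminate connections that already have a state entry, so a test from a browser with an open connection to the web server can keep working until that state expires or is cleared, which is easy to mistake for the rule not applying.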
mentalhemroids:

Okay, I got it working; it's tricky if you don't know what you are doing. Thanks for your help!
