FireWall Rules - a bit of guidance to help understand PFSense



  • Hello Everyone,

I am new to firewalling and have been running a PFSense firewall at home for a year or two.  I am trying to set up a couple of things and have a few questions.

    Setup:
    PFSense v1.2.3-Release
    Interfaces: 
    Eth0 -> LAN (DHCP server - provides all IP addresses to LAN)
Eth1 -> WAN (DHCP enabled - gets IP addr from DSL Modem)
    Eth2 -> Opt1 (Bridged with LAN, gets all IP addresses from LAN DHCP server)

Netgear Wireless Router (used as WiFi Access Point + 4 port hub) connected to Opt1, so essentially, Opt1 = WiFi interface + 3 additional wired LAN ports.

I just signed up for VoIP and have connected (wired) an Analog Telephone Adapter (ATA) to one of the 3 ports on the Netgear Hub.  I was having delay on my phone calls, so the VoIP company asked me to open ports 5004-5061 for UDP protocol.

    Rules: 
    LAN:  /LAN Net///// /Default LAN -> Any.
    WAN: Standard blocks
    WiFi: //
    ///*/ /All to LAN -> Subnet.

    Questions:
1. Will I require a separate rule when I have all in LAN -> Net  and all from Opt1 -> LAN enabled?

    2.  If I do, since the ATA is physically connected on the Opt1, where will I put the rule for the ATA - Opt1 or LAN?

    Thanks in advance.

    Sp-



• What do you mean you've bridged your opt1 with your lan? Wouldn't you want to keep them separate? Otherwise you could just plug the netgear into the switch that's connected to your lan interface, save yourself the trouble of dealing with the firewall rules. I'm not sure they'd even be effective if the two devices are bridged.

    Anywho, you'll still need to open the said ports on your WAN interface, and create a NAT for the ports to forward to the VOIP adapter. I believe there is a package available for VOIP protocols as well. (TFTP) I wouldn't understand opening the ports up to the other network unless your calls are internal to other phones on the network? (I'm assuming you mean your external calls are delayed.)

Summary: Open ports on WAN | NAT: Port Forward to VOIP adapter IP. No additional rules needed (still assuming it's external calls with the delay)

    If you haven't already, make the VOIP Adapter LAN IP static via your DHCP in case of a power loss.
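A check for the summary above, added here as an example that is not from the thread or from pfSense itself: it reads a constructed, simplified config (element names are assumptions loosely modelled on config.xml, not the real 1.2.3 schema) and flags a port forward whose target is off the LAN, has no static DHCP mapping, or has no matching WAN pass rule.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, loosely modelled on pfSense's config.xml layout (element
# names are assumptions, not a verified 1.2.3 schema): LAN 192.168.1.0/24, the
# ATA pinned to 192.168.1.50 by a static mapping, UDP 5004-5061 forwarded from
# WAN to the ATA, and the matching WAN pass rule.
SAMPLE_CONFIG = """<pfsense>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan></interfaces>
  <dhcpd><lan>
    <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.50</ipaddr></staticmap>
  </lan></dhcpd>
  <nat><rule>
    <interface>wan</interface><protocol>udp</protocol>
    <destination><port>5004-5061</port></destination><target>192.168.1.50</target>
  </rule></nat>
  <filter><rule>
    <interface>wan</interface><type>pass</type><protocol>udp</protocol>
    <destination><address>192.168.1.50</address><port>5004-5061</port></destination>
  </rule></filter>
</pfsense>"""


def audit_port_forwards(config_xml):
    """Return a list of findings; an empty list means every forward checks out."""
    root = ET.fromstring(config_xml)
    lan = root.find("interfaces/lan")
    lan_net = ipaddress.ip_network(
        f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}", strict=False)
    static_ips = {m.findtext("ipaddr") for m in root.iterfind("dhcpd/lan/staticmap")}
    pass_rules = {
        (r.findtext("interface"), r.findtext("protocol"),
         r.findtext("destination/address"), r.findtext("destination/port"))
        for r in root.iterfind("filter/rule") if r.findtext("type") == "pass"}
    findings = []
    for rule in root.iterfind("nat/rule"):
        iface, proto = rule.findtext("interface"), rule.findtext("protocol")
        port, target = rule.findtext("destination/port"), rule.findtext("target")
        label = f"{iface}/{proto} {port} -> {target}"
        # A forward whose target is not on the LAN never reaches the ATA.
        if ipaddress.ip_address(target) not in lan_net:
            findings.append(f"{label}: target is outside LAN {lan_net}")
        # Without a static mapping the ATA may get a new lease after a power loss.
        if target not in static_ips:
            findings.append(f"{label}: target has no static DHCP mapping")
        # The NAT entry alone admits nothing; WAN also needs a pass rule for it.
        if (iface, proto, target, port) not in pass_rules:
            findings.append(f"{label}: no matching WAN pass rule")
    return findings
```

Run `audit_port_forwards(SAMPLE_CONFIG)` against your own export after swapping in your ATA's address; each finding names the forward and what is missing.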

