Totally NEW to Firewalls, have some questions



  • Hi,
    I am totally new to the world of the firewalls. ::)
    What do I have to do, so that I can block/permit some users from going to the internet and/or using Messengers like YM/MSN/Gtalk?

    Any help pushing me in the right direction is welcome!!!!

    Johny



  • I have this saved on my PC (is there a FAQ page that this could be posted on?)

    The MSN Messenger can communicate with the .Net Messenger service using either port 1863 for direct TCP connections or using HTTP using port 80.

    To block access to the .Net Messenger service or MSN Web Messenger:

    1. Block outbound access to TCP port 1863.

    2. Block HTTP access to messenger.hotmail.com.

    If you would like to block access to MSN Web Messenger you will also need to block HTTP access to webmessenger.msn.com

    messenger.hotmail.com

    gateway.messenger.hotmail.com

    webmessenger.msn.com


    The ports used by MSN messenger are 6901 & 6891-6900.

    =============================

    To block Yahoo mail, messenger we need to block:

    login.yahoo.com

    msg.edit.yahoo.com

    edit.messenger.yahoo.com

    csa.yahoo.com

    csb.yahoo.com

    csc.yahoo.com



  • Thx Sai,

    Is it possible to block for certain IPs the access to the internet?
    And that some IPs can only visit some websites and others not?
    Like making a list where the people (IPs) on that list can access some pages
    And another list which blocks other websites.

    Is that possible doing it with this software?

    Thx,

    Johny



  • Yes, it's possible, but pfSense basically works on IP addresses and port numbers.

    The rules you want to make are in the Firewall > Rules > LAN menu option.

    To block applications like messengers you need to work at URL or protocol level. This is because the messengers start to send messages as HTTP packets and don't stick to their own port numbers.

    The best way to block (using the firewall) is to only allow users to use the pfSense machine as a DNS server and then use the DNS forwarder to change the IP address for the hosts listed to 127.0.0.1

    Most of the hosts you want to block will have multiple IP addresses and will keep changing IP and protocol to get around firewalls.
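
The DNS-override approach described in the post above, as an added example that is not part of the original thread: it builds dnsmasq-style `address=` lines for the hosts listed earlier and audits a flow list for clients that sidestep the forwarder. Assumptions: the DNS forwarder accepts dnsmasq `address=/domain/ip` syntax (which also matches subdomains), the firewall's LAN address is 192.168.100.1, and the function names and sample flows are constructed for illustration.

```python
# Hosts named in the posts above; addresses and flows below are constructed.
BLOCKED_HOSTS = [
    "messenger.hotmail.com", "gateway.messenger.hotmail.com",
    "webmessenger.msn.com", "login.yahoo.com", "msg.edit.yahoo.com",
    "edit.messenger.yahoo.com", "csa.yahoo.com", "csb.yahoo.com",
    "csc.yahoo.com",
]
FIREWALL_LAN_IP = "192.168.100.1"  # assumed pfSense LAN address
MSN_PORT = 1863                    # direct-connection port from the post

def covered(name, hosts):
    """True if name is a listed host or a subdomain of one (dnsmasq matching)."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in hosts)

def dnsmasq_overrides(hosts, sink="127.0.0.1"):
    """Return the minimal set of address= lines that answers every host with sink."""
    hosts = sorted({h.lower().rstrip(".") for h in hosts})
    # A host already covered by a listed parent domain needs no line of its own.
    minimal = [h for h in hosts if not covered(h, [o for o in hosts if o != h])]
    return [f"address=/{h}/{sink}" for h in minimal]

def audit_flows(flows, firewall_ip=FIREWALL_LAN_IP):
    """Flag flows that defeat the override: DNS to other resolvers, or TCP 1863."""
    findings = []
    for src, dst, proto, dport in flows:
        if dport == 53 and dst != firewall_ip:
            findings.append((src, f"DNS to {dst} bypasses the forwarder"))
        elif proto == "tcp" and dport == MSN_PORT:
            findings.append((src, f"TCP {MSN_PORT} to {dst}"))
    return findings

SAMPLE_FLOWS = [  # constructed: (source, destination, protocol, dest port)
    ("192.168.100.23", "192.168.100.1", "udp", 53),
    ("192.168.100.42", "203.0.113.53", "udp", 53),
    ("192.168.100.42", "198.51.100.20", "tcp", 1863),
    ("192.168.100.23", "198.51.100.80", "tcp", 80),
]

if __name__ == "__main__":
    print("\n".join(dnsmasq_overrides(BLOCKED_HOSTS)))
    for src, reason in audit_flows(SAMPLE_FLOWS):
        print(f"{src}: {reason}")
```

Any client the audit flags is resolving names elsewhere, so the overrides only hold once LAN rules block port 53 to every destination except the firewall.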





  • Thx Sai,
    That was very useful!

    I have another problem. Surely somebody can help me.

    I need to forward a connection from outside to a PC inside. I tried but just can't make it work.
    Example:
    From the outside they connect with:
    21.22.23.24:150
    and I need to forward it to:
    192.168.100.150:20000

    How do I do that?
    I tried several things, but just couldn't get it to work.
    Can anybody push me in the right direction….

    Thx!!!!!!



  • Firewall > NAT, Port Forward tab. Hit the + button and set it up the way you want it. Make sure to keep the "autocreate firewallrule" option at the bottom checked. Save and Apply.

