Firewall Pass Rules


    Firewall System Log and Firewall Rules attached.

    Question asked here as well.

    All of my rules are disabled except for TCP\UDP ** - passing through anything to any port. This setup is the only way I can get low pings in games, server lists to appear, and most importantly - SC2 voice chat to work. I'd like to close down all ports except the ones I need - you know, like a firewall is supposed to act.

    The only ports that I can get to successfully open are 80-http and 53-DNS. Curiously, both of those ports are 'known' by pfsense and can be selected in a dropdown menu (other 'default' port protocols do not pass FWIW). If the rule is disabled, they're blocked. If it's enabled, they pass. For all my other ports (tests were done with 27015, 3074, 389, and 1119) enabling the specific rule, disabling the specific rule, or enabling/disabling the catch-all / rule still displays them as unreachable (cantyouseeme.com) except for 80 and 53.

    Now - My firewall is letting them through - Green Light entry in the log - but cantyouseeme.com says otherwise.

    FWIW I followed this guide to change my NAT from Strict to Moderate (for Crysis 2 Multiplayer Beta). That and the 'Strict port' check under the NAT default setting are basically the only other work done on my router as I'm just starting to learn on it.

    All I know is that I want my network secure and I want to hear my buds on SC2. Right now, I'm sacrificing security for teamwork and a better chance at fixing my w/l ratio!

    I've added a NAT port forward entry for UDP 1119-1120 and voice chat worked today in SC2. I'll update the rest of my entries similarly and respond.

    Another reason that I didn't setup NAT Port Forwarding was because of 2 things: Source port and destination IP.

    I figure source port agnostic would be the way to go. Will you ever run into an instance where the source port is different from the destination port? (I'm talking about game firewall settings, and maybe torrenting?)

    Also, the destination IP needs to be 'whoever's requesting it.' I made the router (192.168.1.1) the destination IP because other users behind my firewall need to be able to voice chat and game besides just me. For something like RDP / VNC, I'll make it my computer, but for gaming - it needs to be the network. Comments there?


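The source-port question above (whether a forward should also pin the source port) is the one point in the post that a small worked example settles. The following Python is an added illustration and not code from the post or from pfSense; it is a toy first-match rule evaluator, not pf itself. The WAN address 203.0.113.5, the peer address 198.51.100.7 and the LAN host 192.168.1.20 are constructed sample values. It feeds constructed inbound UDP packets on the SC2 voice ports 1119-1120 through two rule sets: one keyed only on the destination port (source port any), and one that additionally requires the source port to be 1119-1120.

```python
from dataclasses import dataclass
from typing import Optional
import random

# Constructed sample addresses (RFC 5737 documentation ranges), not from the post.
WAN_IP = "203.0.113.5"        # assumed WAN address of the firewall
PEER_IP = "198.51.100.7"      # assumed remote voice-chat peer
GAME_HOST = "192.168.1.20"    # assumed LAN host the forward would target (illustrative only)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A pass rule keyed on protocol and destination port range.

    src_ports=None means "any source port". That is what a game or voice-chat
    forward needs: the peer's OS picks its source port from the ephemeral range,
    so it is practically never equal to the service port it is sending to.
    """
    proto: str
    dst_ports: range
    src_ports: Optional[range] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet falls inside every constraint the rule sets."""
    if rule.proto != pkt.proto:
        return False
    if pkt.dst_port not in rule.dst_ports:
        return False
    if rule.src_ports is not None and pkt.src_port not in rule.src_ports:
        return False
    return True


def first_match(rules, pkt: Packet) -> str:
    """Top-down, first matching pass rule wins; nothing matched means default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return "pass"
    return "block"


def constructed_voice_packets(n: int, seed: int = 1) -> list:
    """Constructed inbound UDP packets from the peer to the WAN address on
    ports 1119-1120. Source ports are drawn from the ephemeral range
    49152-65535, as a real client OS would choose them."""
    rng = random.Random(seed)
    return [
        Packet("udp", PEER_IP, rng.randrange(49152, 65536),
               WAN_IP, rng.choice((1119, 1120)))
        for _ in range(n)
    ]


def count_passed(rules, pkts) -> int:
    return sum(1 for p in pkts if first_match(rules, p) == "pass")


# Rule set A: destination UDP 1119-1120, source port any (source-port agnostic).
RULES_ANY_SRC = [Rule("udp", range(1119, 1121))]
# Rule set B: same destination, but the source port is also pinned to 1119-1120.
RULES_PINNED_SRC = [Rule("udp", range(1119, 1121), src_ports=range(1119, 1121))]


def demo(n: int = 1000) -> dict:
    """Count how many constructed voice packets each rule set lets through."""
    pkts = constructed_voice_packets(n)
    return {
        "any_source_port": count_passed(RULES_ANY_SRC, pkts),
        "pinned_source_port": count_passed(RULES_PINNED_SRC, pkts),
    }


if __name__ == "__main__":
    print(demo())  # {'any_source_port': 1000, 'pinned_source_port': 0}
```

The pinned rule passes nothing, which is why a port forward or pass rule for a service is written with the source port left as any and only the destination port constrained; in pf syntax that is a `from any to ... port 1119:1120` clause with no `port` on the `from` side. The same evaluator makes no claim about the destination-IP question, which depends on where the forward actually delivers the packet.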