Pfsense Router, but still want to limit access like ACL

Reply to Pfsense Router, but still want to limit access like ACL on Fri, 01 Apr 2011 00:57:03 GMT

newfirewallman — Fri, 01 Apr 2011 00:57:03 GMT

I did notice one problem with using the PFsense box as a router as described above. It does route traffic as expected and i can have my 1 or 2 rules to restrict access to the box except from my network, but apparently this breaks PPTP connections. I have and will have other firewalls behind this pfsense router and currently i am running another pfsense box behind it for my private network. I will have another for a DMZ network, and then i have other customer that will be behind it with their own firewalls. Kind of a bad thing if they won't be able to have vpn's. Haven't tried and FTP'ing yet to see if it will have a problem. I'm a little confused as to why it would have these problems since NAT is essentially off.

Reply to Pfsense Router, but still want to limit access like ACL on Tue, 29 Mar 2011 17:02:12 GMT

newfirewallman — Tue, 29 Mar 2011 17:02:12 GMT

Thank you for the reply. I have packet filtering enabled. Webconfig anti lockout rule off. configured outbound NAT like you said. And i have it working as expected.

Reply to Pfsense Router, but still want to limit access like ACL on Tue, 29 Mar 2011 16:43:03 GMT

GruensFroeschli — Tue, 29 Mar 2011 16:43:03 GMT

Reenable the packet filter.
Enable "manual outbound rule generation" (firewall –> NAT --> Outbount)
Delete/Create outbound NAT rules according to your needs.
--> Removing all outbound NAT rules will give you a purely routed setup with firewall capability.

Reply to Pfsense Router, but still want to limit access like ACL on Tue, 29 Mar 2011 16:29:41 GMT

newfirewallman — Tue, 29 Mar 2011 16:29:41 GMT

Still nothing? I'm thinking there has to be a way to make this work, anyone….