Firewall and VPN

  • Okay, so I'm going to try and make this as simple as possible so I can get the most direct answer possible. To make this simple, I want readers to ignore the fact that it's a slingbox I'm referring to, since readers tend to not have extensive knowledge about slingbox and therefore may feel they can't answer, and just treat it as some device that typically connects as follows. Slingbox typically connects through port 5001 to the internet. Therefore, typically for web viewing one must port forward 5001 to the Slingbox's IP to gain access.

    The slingbox is on its own network. My intent is this:

    #1 Block all my other pfSense networks from accessing the Slingbox network. From what I know I would create a rule on each of the other networks that says block all from SRC=network subnet to DST=slingbox subnet correct?

    #2 I want ONLY authorized users (authorized via OpenVPN) to be able to VPN to the slingbox network for ability to watch.

    This comes with a few questions.

    A) When a VPN user is connected, how can I see from my pfSense admin board that they're connected?
    B) In this scenario, can I block all connections from the WAN to the slingbox network?
    C) From what I know, once I have the VPN set up, there is a tab in "Rules" and I would create an allow all from SRC=VPN subnet to DST=slingbox network, yes? Or is that not necessary since I'm tunneled into the slingbox network?

    Thanks in advance for any and all responses.
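The policy sketched in this post (block every other internal subnet from the Slingbox subnet, allow only the OpenVPN subnet to reach it on 5001, leave the WAN with no pass rule) can be checked as a first-match rule table before it is typed into the pfSense GUI. The following is an added example, not code from the post or from pfSense; the subnets, interface names and the 5001 service port are assumptions. It mimics two pfSense behaviours: rules are evaluated per interface in order with first match winning, and any interface without a matching pass rule falls through to the implicit default deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One firewall rule on one interface tab (constructed model of a pfSense rule)."""
    iface: str            # interface tab the rule lives on: LAN, GUEST, OpenVPN, WAN
    action: str           # "pass" or "block"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int] = None  # None matches any destination port


def _in_net(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net)


# Constructed subnets; substitute the real ones.
LAN = "192.168.1.0/24"
GUEST = "192.168.2.0/24"
OVPN = "10.8.0.0/24"        # OpenVPN tunnel network
SLING = "192.168.50.0/24"   # the isolated Slingbox network
SLING_PORT = 5001

# Ordered as the post intends: the block to the Slingbox subnet sits ABOVE
# the usual "allow anything" rule on each internal interface, the OpenVPN tab
# gets one narrow pass rule, and WAN gets nothing (no port forward, default deny).
RULES: List[Rule] = [
    Rule("LAN", "block", LAN, SLING),
    Rule("LAN", "pass", LAN, "any"),
    Rule("GUEST", "block", GUEST, SLING),
    Rule("GUEST", "pass", GUEST, "any"),
    Rule("OpenVPN", "pass", OVPN, SLING, SLING_PORT),
]


def evaluate(iface: str, src: str, dst: str, dport: int,
             rules: List[Rule] = RULES) -> str:
    """Return the action pfSense-style first-match evaluation would take."""
    for r in rules:
        if r.iface != iface:
            continue
        if _in_net(r.src, src) and _in_net(r.dst, dst) and r.dport in (None, dport):
            return r.action
    return "block"  # implicit default deny when nothing on the tab matched


def shadowed_blocks(rules: List[Rule]) -> List[Rule]:
    """Block rules that can never fire because an earlier pass-to-any rule on the
    same interface already matches everything they would match."""
    seen_pass_any = set()
    shadowed = []
    for r in rules:
        if r.action == "pass" and r.dst == "any" and r.dport is None:
            seen_pass_any.add(r.iface)
        elif r.action == "block" and r.iface in seen_pass_any:
            shadowed.append(r)
    return shadowed


if __name__ == "__main__":
    for iface, src, dst, port in [
        ("LAN", "192.168.1.10", "192.168.50.5", SLING_PORT),
        ("OpenVPN", "10.8.0.6", "192.168.50.5", SLING_PORT),
        ("WAN", "203.0.113.7", "192.168.50.5", SLING_PORT),
    ]:
        print(iface, src, "->", dst, port, evaluate(iface, src, dst, port))
    print("shadowed:", shadowed_blocks(RULES))
```

The `shadowed_blocks` check catches the common mistake behind question #1: putting the block rule below the existing "allow LAN to any" rule, where it silently never matches. Question C is answered by the `OpenVPN` entry in the table: tunnel traffic is evaluated against the OpenVPN tab, so without a pass rule there the default deny applies even though the client is "inside" the VPN.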
