Migrate from Sonicwall to Pfsense rules question



  • Hi Guys,

    New to Pfsense, used to Sonicwall but for sure want to switch to open source.

    I loaded an Athena Thin Client with an image and it is running smoothly.

    CPU VIA Nehemiah (1 GHZ)
    Hardware Crypto VIA PadLock
    RAM 256MB
    1GB Solid State IDE DISK

    As far as I understand atm Sonicwall's:

    Services(ports) can be replaced by Pfsense Alias
    Address Objects can be replaced by pfSense Alias

    How to make the rules for V2.01 is still a bit cloudy to me; a small example would get me up to speed
    so I can power off my SonicWall for good!

    I made an Alias for ports:

    WOW01 3727, 6112, 6881:6999 (those should be open and sent to internal IP 192.168.150)

    I think I have to do:

    NAT Port Forward:

    If    Proto  Src. ports Dest. addr    Dest. ports       NAT IP     NAT Ports
    WAN TCP    *    *    192.168.150  WOW01      192.168.150        WOW01

    Firewall Rules:

    Proto  Source  Port Destination  Port Gateway
    TCP        *        *      192.168.2.150  WOW01    *

    But I'm not sure if this is OK?
    It's not easy to come from one firewall and try to understand the new one :-)
    I'd love to buy that book, but is it already at version 2.01?

    (btw I needed to spoof my MAC from the SonicWall to the pfSense box to get my ISP going,
    and I don't have the up/down problem with the NICs)

    So if someone could tell me if this is correct/wrong or should be done in another way :-) that would be super.



  • The NAT destination address should be the WAN interface address. By default, a firewall rule is associated when you apply the NAT port forward configuration.



  • Thanks Marc for the Reply,

    Yup, I got it now; after I found this explanation of the screen it became clear.
    ----------------------------------------------
    Take traffic entering the chosen interface,
    using the specified protocol,
    initiated from the specified source,
    destined to the specified destination,
    and redirect it to the specified target IP and port.

    If you understand the above, then you also understand the power of pfSense: combined with Aliases for incoming IPs and ports, you can narrow your open ports to the bare minimum needed. Most SOHO and even advanced firewalls don't have this fine-grained filtering; they just open the range of ports for all that happens to hit them.

    It is running super stable for days already, so bye bye to my other device. ::)
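
The port forward discussed in this thread, written as a pf.conf fragment with an open and a source-restricted variant. This is an added example, not from any poster and not the ruleset pfSense generates; the interface name `em0`, the macro and table names, and the peer addresses are constructed assumptions.

```conf
# Constructed example: names and peer addresses are assumptions.
ext_if    = "em0"                         # WAN interface (assumed name)
game_host = "192.168.2.150"               # internal target from the thread
wow01     = "{ 3727, 6112, 6881:6999 }"   # the WOW01 port alias

# Source alias: only these peers may use the forward (documentation ranges).
table <wow_peers> const { 203.0.113.0/24, 198.51.100.17 }

# Open variant (source = any), shown for comparison and left disabled:
# rdr on $ext_if proto tcp from any to ($ext_if) port $wow01 -> $game_host
# pass in quick on $ext_if proto tcp from any to $game_host port $wow01 keep state

# Narrowed variant: interface, protocol, source, destination, then target.
# The destination is the WAN address; no target port is given, so the
# destination port is left unchanged.
rdr on $ext_if proto tcp from <wow_peers> to ($ext_if) port $wow01 -> $game_host

# pf translates before it filters, so the pass rule matches the rewritten
# destination (the internal host), not the WAN address.
pass in quick on $ext_if proto tcp from <wow_peers> to $game_host port $wow01 keep state
```

Because translation runs before filtering, the port forward names the WAN address as destination while the associated firewall rule names the internal host.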

