Newbie needs help - basic firewalling



  • Hi everyone,
    I've just built my pfSense system and I'm having some difficulties configuring it.
    setup:

     internet ----> wan ----> lan -----> switch ----> PCs 
    

    I've just switched from a D-Link DFL-200 hardware firewall and I tried to take over the basic firewall rules on the pfSense unit. Unfortunately, to this point I can't even connect to the internet. ;D

    Here's where I get confused: in order to connect to the internet I thought I needed a rule like "LAN->WAN policy, NAT enabled", so in pfSense I tried the following:

     /firewall/rules/ 
    LAN:
    Proto  	Source  	Port  	Destination  	Port  		Gateway  	Description	
    TCP  	LAN address  	 *  	WAN address  	80 (HTTP)  	 *  	         tcp  80 
    
    

    Do I need to do the same thing for the WAN section? (tried and it didn't work)
    What am I missing?
    Perhaps one last piece of information: in pfSense I can ping the LAN IP as well as google.com.

    Any help would be greatly appreciated.

    Thanks,

    Fred



  • If you don't have anything special running behind the firewall, the setup wizard in the GUI would kickstart everything nicely. That is at my place anyway. :) So what rules do u want to copy into pfSense? What do you have running on your LAN and/or DMZ?



  • Thanks for your answer Snailer.
    I did a reset and I am now online :D
    I'm still confused though. As I understand it, pfSense blocks all ports by default. Where, then, is the HTTP service enabled?
    One last thing. Let's say I want to use a torrent client: do I have to configure anything in "Firewall: Rules", or do I only have to configure "Firewall: NAT: Port Forward"?

    Thanks again for your help



  • From what I have understood, a lot of rules and pre-configuration have already been put in place in the background of pfSense,
    which aren't shown in the GUI, to make us newbies' lives easier. :) (A small downside is that it could add some confusion for us noobs) ;)

    Furthermore I would like to say: 'shoot those bears off the road you are seeing!' :D
    First try whether your apps will run out of the box; then u can look and ask around if u need a rule applied in pfSense.
    btw: there is a UPnP package available. I haven't had to use it so far.



  • The default configuration is that everything coming in from the Internet is blocked. Everything going out from the LAN is allowed.

    To restrict your LAN outbound access, change the rules on the LAN interface.
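
A small model of the defaults described in the reply above, as an added example that is not part of the thread or pfSense's own code: rules are checked on the interface where traffic enters, the first match wins, and unmatched traffic is blocked. The addresses are constructed, and it assumes "LAN address" and "WAN address" denote the firewall's own interface IPs, while the out-of-the-box LAN rule covers the whole LAN subnet.

```python
import ipaddress

# Constructed sample addressing (not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_ADDRESS = ipaddress.ip_address("192.168.1.1")   # the firewall's own LAN IP
WAN_ADDRESS = ipaddress.ip_address("203.0.113.10")  # the firewall's own WAN IP
ANY = ipaddress.ip_network("0.0.0.0/0")

def _covers(spec, ip):
    """True if ip equals the single address, or falls inside the network, in spec."""
    ip = ipaddress.ip_address(ip)
    if isinstance(spec, ipaddress.IPv4Network):
        return ip in spec
    return ip == spec

def evaluate(rules, proto, src, dst, dport):
    """First matching rule on the ingress interface wins; no match means block."""
    for r in rules:
        if (r["proto"] in ("any", proto) and _covers(r["src"], src)
                and _covers(r["dst"], dst) and r["dport"] in (None, dport)):
            return r["action"], r["descr"]
    return "block", "implicit default deny"

# The single LAN rule from the first post.
fred_lan = [{"action": "pass", "proto": "tcp", "src": LAN_ADDRESS,
             "dst": WAN_ADDRESS, "dport": 80, "descr": "tcp 80"}]
# Out-of-the-box LAN tab: one pass rule from the LAN subnet to anything.
default_lan = [{"action": "pass", "proto": "any", "src": LAN_NET, "dst": ANY,
                "dport": None, "descr": "Default allow LAN to any rule"}]
# Out-of-the-box WAN tab: no pass rules, so only the implicit deny applies.
default_wan = []

PC, WEB = "192.168.1.50", "198.51.100.7"  # constructed LAN host and web server

def demo():
    """Verdicts for outbound traffic under each LAN ruleset and inbound on WAN."""
    return {
        "fred_http_out": evaluate(fred_lan, "tcp", PC, WEB, 80)[0],
        "default_http_out": evaluate(default_lan, "tcp", PC, WEB, 80)[0],
        "default_dns_out": evaluate(default_lan, "udp", PC, WEB, 53)[0],
        "unsolicited_in": evaluate(default_wan, "tcp", WEB, str(WAN_ADDRESS), 80)[0],
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The model leaves out state tracking: on the real firewall, replies to connections a LAN host opened are let back in by the state created for the outbound connection, not by a WAN rule.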



  • Thanks for clearing this up.