    Clients can not access internet

      informxvolny.cz last edited by

      Hello,

      this is probably something very simple but I cannot find a solution even after a couple of hours…

      I just installed pfSense on ALIX. Everything seems to be OK.

      The problem is that I want clients to access only the internet from their browsers (to begin with).
      I thought that it should work when I set up a LAN rule like this:
      Source: Lan net
      Protocol: TCP
      Port: any
      Destination: any
      D. port: 80

      but it does not work. Clients can access internet only with this rule:
      Source: Lan net
      Protocol: any
      Port: any
      Destination: any
      D. port: any

      OR with an Easy Rule that I created from the log
      Source: 192.168.1.37 (client IP address)
      Protocol: TCP
      Port: any
      Destination: 92.122.253.55 (some web page)
      Port: 80

      I attach a picture; you can see some other rules there as I am playing with the setup.

      Thank you in advance for any help.


        Cry Havok last edited by

        The rules are processed top down (as is explained in the documentation if you take the time to read it ;) ). As such this means the default pass all rule wins each time until you disable it.

          cmb last edited by

          If you're only permitting TCP 80, you're blocking DNS (TCP/UDP 53), which means nothing will work.

            informxvolny.cz last edited by

            @cmb:

            If you're only permitting TCP 80, you're blocking DNS (TCP/UDP 53), which means nothing will work.

            Thank you very much! This is a direction that helps me; there will probably be more to set up, because I tried to allow DNS on the LAN intf. and some pages are not working, but I believe that I will do it.

              informxvolny.cz last edited by

              It works now, really only 2 ports need to be allowed, 80 and 53. I do not know why it did not work before, maybe some cache (?)

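The behaviour discussed in this thread, as an added example that is not part of any post: a minimal first-match, top-down evaluator run over the three rule sets described above. The /24 LAN subnet, the helper names and the sample packets are assumptions constructed for illustration; port 443 is included only to show what a rule set limited to ports 80 and 53 still blocks.

```python
"""First-match, top-down evaluation of the LAN rule sets from this thread."""
from ipaddress import ip_address, ip_network

# Assumed LAN subnet; the thread only shows one client, 192.168.1.37.
LAN_NET = ip_network("192.168.1.0/24")

def rule(action, proto="any", src="any", dport="any"):
    """Build one interface rule; 'any' is a wildcard for that field."""
    return {"action": action, "proto": proto, "src": src, "dport": dport}

def matches(r, pkt):
    proto_ok = r["proto"] == "any" or pkt["proto"] in r["proto"].split("/")
    src_ok = r["src"] == "any" or ip_address(pkt["src"]) in r["src"]
    port_ok = r["dport"] == "any" or pkt["dport"] == r["dport"]
    return proto_ok and src_ok and port_ok

def evaluate(rules, pkt):
    """Return (action, index of the deciding rule).

    The first matching rule wins; index None means no rule matched and the
    implicit default deny applied.
    """
    for i, r in enumerate(rules):
        if matches(r, pkt):
            return r["action"], i
    return "block", None

# Constructed sample traffic from one LAN client loading a web page.
CLIENT = "192.168.1.37"
DNS_QUERY = {"proto": "udp", "src": CLIENT, "dport": 53}
HTTP_GET = {"proto": "tcp", "src": CLIENT, "dport": 80}
HTTPS_GET = {"proto": "tcp", "src": CLIENT, "dport": 443}

# 1) Only TCP 80 allowed: the name lookup never leaves the LAN.
HTTP_ONLY = [rule("pass", "tcp", LAN_NET, 80)]
# 2) Default pass-all rule left enabled above the restrictive rule.
PASS_ALL_FIRST = [rule("pass", "any", LAN_NET), rule("pass", "tcp", LAN_NET, 80)]
# 3) DNS (TCP/UDP 53) plus HTTP, default pass-all rule disabled.
HTTP_AND_DNS = [rule("pass", "tcp/udp", LAN_NET, 53), rule("pass", "tcp", LAN_NET, 80)]

def report(rules):
    """Verdict for each sample packet under the given rule set."""
    samples = (("dns", DNS_QUERY), ("http", HTTP_GET), ("https", HTTPS_GET))
    return {label: evaluate(rules, pkt) for label, pkt in samples}

if __name__ == "__main__":
    for name, rules in (("http only", HTTP_ONLY),
                        ("pass-all first", PASS_ALL_FIRST),
                        ("http + dns", HTTP_AND_DNS)):
        print(f"{name:15} {report(rules)}")
```

In the second rule set every packet is decided by rule 0, so the TCP 80 rule below it is never reached and restricts nothing.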