Netgate Discussion Forum

    Can't allow just HTTP or HTTPS traffic out

    Firewalling
Photovor:

I have a pretty fresh install of pfSense, updated to the latest version. I simply have 2 interfaces, my WAN and LAN. My WAN connects directly to my cable modem, and my LAN interface is assigned a 192.168.1.x address.

I have the default WAN blocks in place, bogon networks and private networks. Up until now, I've had the default LAN firewall rules in place, which were the anti-lockout rules and ANY rules. I've recently begun to start limiting internal ports; however, in starting to do this, I seem to be running into a problem. Whenever I disable the default any-to-any rule on my LAN and add rules to allow HTTP and HTTPS, I can't browse any sites at all. The configuration seems simple enough to me, but maybe I'm just being a little thick? I've attached a screenshot of the rules I've set up in hopes I can get some suggestions.

Thanks
Metu69salemi:

Your client might also need TCP/UDP port 53 services, like DNS or something similar ;)

Try a simple modification to your firewall rules: add an ICMP rule so you can ping, and ping first 8.8.8.8 and then www.google.com.
If the first one passes, OK, your ICMP rule works; if the other one works too, then you don't need a DNS rule.

BUT NOTICE that you'll need to ping from the client machine, not from the firewall.
cmb:

That allows HTTP and HTTPS, if you strictly browse by IP. :) Have to allow DNS too, TCP/UDP 53.
Photovor:

::SMACKS FOREHEAD:: Duh! Exactly the problem. Once I enabled port 53, I was good. Thanks for both responses.

I was kind of following the basic guide at http://doc.pfsense.org/index.php/Example_basic_configuration and it didn't even mention opening port 53.
Metu69salemi:

Glad to hear that.
johnpoz (LAYER 8 Global Moderator):

"it didn't even mention opening port 53."

Does it really need to? And it does mention it in the outbound DMZ section:

    If you use an external DNS server you will need to allow the computers to leave the network to connect to a DNS server.

    Allow TCP\UDP 53 from DMZ subnet (DNS) to ip of primary DNS server
    Allow TCP\UDP 53 from DMZ subnet (DNS) to ip of secondary DNS server
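To make the dependency the replies describe concrete (a browse by hostname generates a DNS flow before the HTTP/HTTPS flow, so a LAN rule set that passes only TCP 80/443 fails at the lookup while browsing by IP literal still works), here is an added example that is not code from this thread or from pfSense: a small Python model of first-match LAN rule evaluation, the original rule set, the same set with an ICMP rule for the ping test, the fixed set with port 53, and the two-ping diagnosis from the second reply. The rule sets, the hostnames and the 203.0.113.10 address are constructed for illustration; the model assumes pfSense's first-match semantics with an implicit deny and ignores source/destination addresses and direction.

```python
"""Why 'allow only HTTP/HTTPS out' breaks browsing by name.

Added example, not code from this thread or from pfSense. It models
pfSense's first-match evaluation of LAN rules (implicit block when
nothing matches) and the flows a LAN client generates. Rule sets,
addresses and hostnames are constructed for illustration; the model
ignores source/destination addresses and direction.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    proto: Optional[str]    # "tcp", "udp", "icmp", or None for any protocol
    dport: Optional[int]    # destination port, or None for any port


@dataclass(frozen=True)
class Flow:
    proto: str
    dport: Optional[int]
    purpose: str            # why the client sends it (for the report)


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule decides; no match means the default deny applies."""
    for rule in rules:
        if rule.proto not in (None, flow.proto):
            continue
        if rule.dport not in (None, flow.dport):
            continue
        return rule.action
    return "block"


def is_ip_literal(target: str) -> bool:
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def client_flows(target: str, final: Flow) -> List[Flow]:
    """A hostname target needs a DNS lookup (UDP 53 to the resolver) before the real flow."""
    flows = []
    if not is_ip_literal(target):
        flows.append(Flow("udp", 53, f"DNS lookup for {target}"))
    flows.append(final)
    return flows


def browse(rules: List[Rule], target: str, https: bool = True) -> Tuple[bool, str]:
    """Simulate a browser opening http(s)://target/ and report the first blocked flow."""
    final = Flow("tcp", 443 if https else 80, "HTTPS connection" if https else "HTTP connection")
    for flow in client_flows(target, final):
        if evaluate(rules, flow) != "pass":
            return False, f"blocked: {flow.purpose} ({flow.proto}/{flow.dport})"
    return True, "ok"


def ping(rules: List[Rule], target: str) -> bool:
    """Simulate ping from a LAN client (not from the firewall itself)."""
    final = Flow("icmp", None, f"ICMP echo to {target}")
    return all(evaluate(rules, f) == "pass" for f in client_flows(target, final))


def diagnose(rules: List[Rule]) -> str:
    """The two-ping test from the thread: an IP literal first, then a hostname."""
    if not ping(rules, "8.8.8.8"):
        return "icmp blocked: add an ICMP rule before testing name resolution"
    if not ping(rules, "www.google.com"):
        return "name resolution blocked: allow TCP/UDP 53 to the DNS server"
    return "icmp and dns both pass"


# Original poster's LAN rules: only HTTP and HTTPS, then the implicit deny.
HTTP_ONLY = [Rule("pass", "tcp", 80), Rule("pass", "tcp", 443)]

# Same rules plus ICMP for the ping test (still no DNS rule).
HTTP_ICMP = [Rule("pass", "icmp", None)] + HTTP_ONLY

# Fixed rules: DNS over UDP and TCP 53 added, as the replies recommend.
HTTP_DNS = [Rule("pass", "udp", 53), Rule("pass", "tcp", 53)] + HTTP_ICMP


if __name__ == "__main__":
    for name, rules in (("HTTP_ONLY", HTTP_ONLY), ("HTTP_ICMP", HTTP_ICMP), ("HTTP_DNS", HTTP_DNS)):
        print(name, browse(rules, "www.example.com"), browse(rules, "203.0.113.10"), diagnose(rules))
```

Running it prints, for each rule set, the result of browsing a hostname, browsing a literal IP, and the two-ping diagnosis; the only difference between HTTP_ICMP and HTTP_DNS is the two port-53 rules, which is exactly what turns the hostname browse from blocked to ok.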
© 2021 Rubicon Communications, LLC