Help with firewall please

KOM

Your network diagram is confusing. Are WAN and LAN on the same subnet?? If so, that won't work.

oscardawgg

Your network diagram is confusing. Are WAN and LAN on the same subnet?? If so, that won't work.

No lan is 192.168.56.0/24 network and Wan is outside IPs with a 255.255.255.248 mask. I got the beginning of a network so i just put in the .1 and .2 So like x.x.x.0/29

KOM

OK I took another look at your updated LAN rules. You're only allowing TCP/UDP to go to WAN net. Get rid of your bottom two Allow rules and put this in their place:

ID Proto Source Port Destination Port Gateway Queue Schedule Description
IPv4* * * * * * none Allow LAN to any rule

oscardawgg

Progress :) Now i can get to google and even googles searches, but nothing past that still. I am still resolving DNS (tried going to www.space.com), but web traffic still a no go.

KOM

If you can get to Google and do searches, then HTTP is working. What exactly are the errors you are getting?

oscardawgg

Just time outs, almost like my dns knows nothing else. NSlookup turns up ips and everything good, just when i try to use browser (IE) it times out. So far google is the only thing i can get to, and its kinda slow to talk. I do wireshark on firewall and on network and it looks like everything is good, not sure what to do next.

johnpoz

Confused - why did you delete/edit the default rule that pfsense puts on the Lan of any any??

Can you post up your current rules.

Your first rule was tcp/udp to wan net - that would only allow access to "outside IPs with a 255.255.255.248 mask"

And your 2nd rule was jut icmp to any any.

Are your clients using pfsense as dns, or pointing directly to something else like 8.8.8.8? If you think you have dns issues, can pfsense resolve? Under diag, dns lookup - and what do you have pfsense using for dns.. Your ISP, something you put in? Are you using the forwarder? IE does pfsense list 127.0.0.1 as one of its dns on the system info widget?

oscardawgg

Dns is internal 2012 server. Only 2 clients currently on network. DNS and test box. See diagram above. Here is my current screen shots after we started working. Thanks so much for the help guys.

![wan 2.0.PNG](/public/imported_attachments/1/wan 2.0.PNG)
![wan 2.0.PNG_thumb](/public/imported_attachments/1/wan 2.0.PNG_thumb)
![dns 2.0.PNG](/public/imported_attachments/1/dns 2.0.PNG)
![dns 2.0.PNG_thumb](/public/imported_attachments/1/dns 2.0.PNG_thumb)
lan2.0.PNG
lan2.0.PNG_thumb

johnpoz

So that tcp/udp rule is pointless since you have a any any rule below it. And your wan rule.. Curious why you are blocking those IPs from showing up in your firewall block log? But looks like your logging access to your wan IP from your lan, which really should be like never ;)

I do show that first 61 IP in the abuseIPDB – but why do you not want it logged? Are they generating lots of noise?

oscardawgg

I pulled the tcp/udp rule. I realize now its double coverage lol. Trying to keep the log clean so i can see whats going wrong with it. And those 4 ips so far are bad juju and are always blocked.