[HELP] some info!…
I've installed pfSense 1.2 two days ago; my task was to have 3 NICs (1 WAN, 1 LAN, 1 DMZ). I got an ADSL line with 8 public IPs from my ISP. In my previous firewall hardware (a D-Link that was killed by some electrical issue…) I had LAN/WAN/DMZ support, and it was configured with a public IP from my range on WAN and one on the DMZ; this was just to use public IPs on the DMZ machines behind the D-Link firewall.
After pfSense finished its installation process I tried to set it up like my old firewall, but if I set a public IP from my range on WAN that's all OK; if on my DMZ interface I set up another public IP and leave it "static" and not "bridged" (with WAN), my servers on the DMZ are unable to go to the internet. If I set the DMZ interface as bridged with WAN I can use my public IPs on DMZ machines, BUT... is it the right procedure?!?!?
If so, why in the log, after I've created a rule for DMZ that allows everything (from anywhere to anywhere on any protocol), do I read that pfSense blocks connections from DMZ and BRIDGED (at this point the "bridged" interface is not so clear to me...) to some IP? And sometimes I see that some connections are allowed??????
Another thing: the "states" are the concurrent connections, is that right?? On my old firewall I got that value usually at 3/4000 connections; on pfSense the max was just 2/300!!! Why?!?
Any help will be very appreciated; I'm a newbie on this kind of firewall but pfSense looks very good to me, I only need to understand it a little better! ;)
At System > Advanced you should enable the filtering bridge. For what you want to do (using public IPs in the DMZ) you have to use bridging, this is correct.
What do you mean by 2/300 states? I also don't understand the question regarding the blocked connections from DMZ. Please give us more details.
Thanks a lot for your simple but so useful tip/help!! ;)
Now I've solved some of my problems (in particular the impression that all the rules I've applied to DMZ seem not to be respected :D ).
Some info on rules:
- the default policy for OUTbound connections on the DMZ is?? permit or block? (when there are no rules pfSense alerts that incoming connections will be blocked, but outgoing?!?).
- why in the firewall logs do I see blocked connections, on the WAN interface (?!?), that have as destination the public IP of my server on the DMZ? Should the incoming rule be created on the WAN or the DMZ interface??? I admit I'm a little confused :)
Another couple of things:
- I've created a VPN, site-to-site, connection; all OK, but: how can I tell pfSense to start that tunnel? And how can I set it so that, if the tunnel breaks, the firewall reconnects it?
- I've installed Snort for more security against DDoS and so on, but after a reboot of the machine I find some Snort messages in the log, but under Services the right entry is missing…
Thanks for your help and patience ;)
PS: my complex questions about "states" were just resolved
Firewall rules are always applied incoming at an interface. Everything that is once passed incoming will be allowed to leave at other interfaces. The reverse traffic for this connection will be allowed as well, as this is then handled by the state that was created for that connection. So you don't write outbound rules.
IPsec is established on demand unless you have entered a keepalive IP for the tunnel. If this one is set it will frequently ping through the tunnel, which will keep the tunnel alive and also establish it if it has failed or was down.
I'm not sure about the status of the Snort package currently but there seem to be some issues with it. Check the package forum for some active discussions on that topic.
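The answer above describes two things at once: rules are evaluated only on the interface a packet enters, and a passing rule creates a state that lets the reply through on any other interface. The small simulator below, added here as an illustration and not code from pfSense or from anyone in this thread, models exactly that: a DMZ "allow everything" rule, a WAN rule that only opens port 80 to the DMZ server, and a state table that admits return traffic. Interface names, the addresses (203.0.113.10 for the DMZ server, 198.51.100.x for the internet) and the ports are all constructed for the demo. It also shows why a new connection from the internet to the DMZ server's other ports is logged as blocked on WAN rather than on DMZ: that packet enters on WAN, so the rule permitting it has to live on the WAN tab.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet ARRIVES on (rules are evaluated here)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    iface: str             # the interface tab this rule lives on
    action: str            # "pass" or "block"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            self.iface == p.iface
            and self.proto in ("any", p.proto)
            and self.src in ("any", p.src)
            and self.dst in ("any", p.dst)
            and (self.dport is None or self.dport == p.dport)
        )


# A state is a 5-tuple; the reverse tuple identifies the reply direction.
State = Tuple[str, str, int, str, int]


class StatefulFirewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.states: Set[State] = set()

    def filter(self, p: Packet) -> str:
        key: State = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev: State = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Existing state wins before any rule is consulted, on any interface.
        if key in self.states or rev in self.states:
            return "pass (state)"
        # Otherwise evaluate the rules of the ingress interface, first match wins
        # (pfSense-generated pf rules carry the "quick" keyword).
        for r in self.rules:
            if r.matches(p):
                if r.action == "pass":
                    self.states.add(key)  # passing a new connection creates its state
                return r.action
        return "block"  # implicit default deny when nothing matched

    def state_count(self) -> int:
        # This is the number the "states" counter in the GUI reports.
        return len(self.states)


def build_firewall() -> StatefulFirewall:
    return StatefulFirewall([
        Rule("DMZ", "pass"),                                        # allow everything out of the DMZ
        Rule("WAN", "pass", proto="tcp", dst="203.0.113.10", dport=80),  # only HTTP in to the server
    ])


def run_demo() -> List[str]:
    fw = build_firewall()
    verdicts = [
        # DMZ server opens a connection to the internet: enters on DMZ, DMZ rule passes it.
        fw.filter(Packet("DMZ", "tcp", "203.0.113.10", 51000, "198.51.100.5", 443)),
        # The reply enters on WAN; no WAN rule allows it, but the state does.
        fw.filter(Packet("WAN", "tcp", "198.51.100.5", 443, "203.0.113.10", 51000)),
        # Internet client to the web server: enters on WAN, WAN port-80 rule passes it.
        fw.filter(Packet("WAN", "tcp", "198.51.100.7", 40000, "203.0.113.10", 80)),
        # Internet client to SSH on the same server: enters on WAN, nothing matches -> blocked on WAN.
        fw.filter(Packet("WAN", "tcp", "198.51.100.7", 40001, "203.0.113.10", 22)),
    ]
    return verdicts


if __name__ == "__main__":
    for v in run_demo():
        print(v)
```

Running it prints pass, pass (state), pass, block: the DMZ rule never had to mention return traffic, and the blocked SSH attempt shows up against the WAN interface because that is where it entered.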
Ah OK, it's clear, and right ;)
For IPsec, how can I establish the tunnel on demand? Is there a button or something similar? I looked for it but without any result.
I'll go check the Snort subforum. Thanks a lot for your time
If you don't enter a keepalive IP it's on demand by default.