Need help setting up a rule or two

  • Hidy ho everyone,

    I have a virtual network setup at my job, and I'm using that network to practice incoming and outgoing connections between that network and my local LAN.

    I have a virtual server hosting a central database, and I wanted to get my local machine to send and receive updates to that database and a local database.

    I tried setting up a floating rule saying that all traffic coming and going on port 34200 (the port I need to use) could come and go through the firewall as needed.  But I wasn't able to get any traffic flowing through the firewall.

    So, I'm guessing I must be doing something wrong, and am asking for help.  Is there a trick to creating rules?  Or can someone help me set up a rule that would allow all communication through port 34200 to pass to one specific IP address, and any replies to flow back through?

  • LAYER 8 Global Moderator

    So rules would go on the source interface - where the client connecting to the servers traffic would first be seen.

    Sounds like your client is on the wan?  And your database is on the lan network of pfsense?  If so unless you turned off nat, this would be a port forward not a firewall rule.  Firewall rules would be used between lan segments, ie say lan and opt1 network.

    By default pfsense nats traffic between wan and lan.  If your client is on wan side of pfsense you need to create a port forward to the IP of your db server on the lan side.

  • You would be correct.  From pfsense's point of view, the server is on the lan, and the client trying to connect to it is on the wan.

    Though in truth, the client is on the company lan, and the server is on a virtual lan run by virtual box.

    I'll take a look at the nat rules, and post back here if I have any more questions.  Thanks!

  • LAYER 8 Global Moderator

    don't get me wrong, you will need a firewall rule to allow the port forward - but when you create the port forward pfsense will create the firewall rule to allow the traffic.  Unless you change, on purpose, the default dropdown that says create associated firewall rule.  Don't touch that box ;)
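For readers who want to see what the port forward plus its associated firewall rule boil down to underneath the pfSense GUI, here is an added illustration in the syntax of pf (the packet filter pfSense drives); it is not from the original thread, not generated by pfSense, and the interface name `em0`, the WAN-side client `10.0.0.25`, and the LAN-side database server `192.168.56.10` are constructed placeholders standing in for the poster's real addresses.

```pf
# Constructed example, not pfSense output.
# em0 is assumed to be the WAN interface; the database server is assumed
# to sit on the LAN at 192.168.56.10 listening on TCP 34200.

# 1. NAT port forward: rewrite the destination of traffic arriving on WAN
#    for port 34200 so it goes to the internal database server.
#    Restricting the source to the one client that needs access keeps the
#    exposure to a single host rather than the whole WAN segment.
rdr on em0 proto tcp from 10.0.0.25 to (em0) port 34200 -> 192.168.56.10 port 34200

# 2. The "associated firewall rule" pfSense creates for you: it is evaluated
#    AFTER the rdr, so it must match the translated (internal) destination,
#    not the WAN address. "keep state" is what lets the server's replies
#    flow back out without a second, outbound rule.
pass in quick on em0 proto tcp from 10.0.0.25 to 192.168.56.10 port 34200 keep state
```

Two things this makes visible that the GUI hides: the rule lives on the interface where the traffic first arrives (WAN here, as the moderator says), and the pass rule names the post-translation LAN address, which is why a hand-written "floating" rule on port 34200 that never mentions the internal host will not match. Leaving the source as `any` instead of one client address is the setting to avoid unless the service really must be reachable from every host on that side. With the associated-rule option left at its default, pfSense writes an equivalent pair for you.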
