Creating firewall rule



  • First - I have searched and looked at the FAQ and documentation section. I have also read quite a few threads, but I can't figure out why I'm not able to open for 53 from the WAN to an IP on the LAN.

    under wan:
    TCP/UDP  *  53(dns)  10.0.2.254(DNS server on Lan)  53(dns)  *  *

    Whenever I perform a GRC scan it shows as stealth.

    I'm sure I'm overlooking something stupid. Anyways, thanks for any help.

    cconk01



  • Source port needs to be set to any instead of 53.



  • As kpa said :)

    If a client opens a connection the source is something random.
    Only the destination is defined.
    The source is normally about between 20000 and 60000 (just something high).



  • Here is what I have now and it still doesn't want to work...

    TCP/UDP  *  *  10.0.2.254  53 (DNS)  *    DNS

    Any ideas?



  • Did you Port Forward it?

    You should really make a diagram.



  • This is an interesting post as I was just about to post up with a similar question.

    cconk01:
    You need to add the port forward first under 'NAT' then make sure the box at the bottom is ticked that says 'Add firewall rule also' (or something). Then you will be sorted.

    Could any one explain why the source port in the NAT rule is the same as the destination but not in the firewall rule?



  • @Simoo:

    Could any one explain why the source port in the NAT rule is the same as the destination but not in the firewall rule?

    http://en.wikipedia.org/wiki/TCP_and_UDP_port
    Briefly: the NAT rule only cares about the destination port, the external and the local port. This is so you can listen on a different port on the public/external address than the internal service listens on. For example, you could have two web servers running on port 80 (local port) on a single public IP on ports 80 and 88 (external port) using NAT.
    The firewall rule normally only cares about the destination port. There is a reason it has the following disclaimer when you set the source port:
    NOTE: You will not need to enter anything here in 99.99999% of the circumstances. If you're unsure, do not enter anything here!
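As an added illustration (not part of the thread), here is a small Python model of how a WAN rule and a port forward are evaluated on the packets in this thread: the client picks a random source port, so a rule that fixes the source port at 53 never matches, and without the NAT entry the destination is still the WAN address, so even a correct rule passes nothing. The WAN address and the client address are constructed; 10.0.2.254 is the LAN DNS server from the thread.

```python
import random
from dataclasses import dataclass
from typing import Optional
ANY = None  # wildcard, the "*" column in the pfSense rule table

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class FirewallRule:  # a WAN rule; pfSense evaluates it after NAT, so dst is the LAN host
    proto: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: int
    def matches(self, pkt: Packet) -> bool:
        return (self.proto == pkt.proto
                and (self.src_port is ANY or self.src_port == pkt.src_port)
                and (self.dst_ip, self.dst_port) == (pkt.dst_ip, pkt.dst_port))

@dataclass(frozen=True)
class PortForward:  # NAT: WAN external port -> LAN host:port; source port is never consulted
    proto: str
    wan_ip: str
    external_port: int
    internal_ip: str
    internal_port: int

    def translate(self, pkt: Packet) -> Optional[Packet]:
        if (pkt.proto, pkt.dst_ip, pkt.dst_port) != (self.proto, self.wan_ip, self.external_port):
            return None
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, self.internal_ip, self.internal_port)

WAN_IP, DNS_LAN = "203.0.113.10", "10.0.2.254"  # constructed WAN address; LAN DNS from the thread
FORWARD_53 = PortForward("udp", WAN_IP, 53, DNS_LAN, 53)
BROKEN_RULE = FirewallRule("udp", 53, DNS_LAN, 53)   # first attempt: source port fixed at 53
FIXED_RULE = FirewallRule("udp", ANY, DNS_LAN, 53)   # source port set to any

def queries_passed(rule: FirewallRule, forward: Optional[PortForward], trials: int = 1000) -> int:
    """Count Internet DNS queries (random ephemeral source port, destination 53) the rule passes."""
    passed = 0
    for _ in range(trials):
        pkt = Packet("udp", "198.51.100.7", random.randint(20000, 60000), WAN_IP, 53)
        if forward is not None:
            pkt = forward.translate(pkt)
        if pkt is not None and rule.matches(pkt):
            passed += 1
    return passed
```

`queries_passed(BROKEN_RULE, FORWARD_53)` is 0, `queries_passed(FIXED_RULE, FORWARD_53)` is 1000, and `queries_passed(FIXED_RULE, None)` is 0, which is the sequence of problems the thread walks through.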



  • :) Thanks for that, I'll have a good read up…



  • Sorry for taking so long to get back to everyone. No, I did not port forward the rule. I believe this is my error. I will give it a shot when I get home.

    Thanks
    CCONK01



  • That was it! Thanks for the newbie help... This has been my first setup of a pfSense and it's gone rather well. Again, I can't thank you enough. Thanks