1. Home
  2. pfSense® Software
  3. NAT
  4. Corporate Acceptable Use Agreement

Corporate Acceptable Use Agreement

  • P

    Hi guys! I just recently changed from winroute to pfsense due to a very good evaluation of the latter. In winroute during the initial setup the following ports are the only allowed open ports behind winroute, meaning you can only use ports 80, 443, 143, 110, 25, 20-21, 23, and 53 to run a very tight ship, with this it can ultimately prevent P2P and other applications from hogging all the bandwidth.

    When I changed to pfsense I noticed that every port on outgoing NAT is open, now my question is how can I specify the above ports to be the only ones allowed?

    Please be so kind to teach me. :-)

    0
  • GruensFroeschli

    Create an alias with all the ports you want to allow.
    Change the default "allow all out" rule so that the "destination port" is not any, but your alias.

    0
  • P

    I've done the alias but where do I exactly put it, sorry but I'm really new at this.

    0
  • GruensFroeschli

    Go to the firewall rules
    Press the e-button on the right side.
    The red field for "destination"

    0
  • P

    Got it to work but somehow I think I made an error on the port ranges, is this the correct format? 20:21 for ports 20 to 21 then also like 25:26 for ports 25 to 26? It says that if I want to add port ranges I just need to separate it with a colon punctuation but when I try it doesn't seem to load properly. I noticed that somehow my browsing speed has slowed down or its just me. :-)

    0
  • GruensFroeschli

    Yes that's how you define a port-range.
    Like for 100 to 200 you write: "100:200"
    What exactly do you mean with "it doesn't seem to load properly"?

    0
  • P

    Here's the error when I do that:

    There were error(s) loading the rules: no IP address found for 25:26/tmp/rules.debug:134: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [26 /tmp/rules.debug]: nat on $ng0 from 192.168.0.0/24 to any -> (ng0)…

    My Alias is Corporate

    80, 443, 143, 110, 25:26, 20:21, 53

    0
  • GruensFroeschli

    Can you show screenshots of how you've set it up?

    Attached how it does work.




    0
  • P

    I got it to work finally! Yihaa! Thanks for the hints and guidance sir!  ;D ;D ;D

    Hmmm, I encountered something really annoying, when the alias and the rule are enabled I noticed that internet browsing is painfully slow including other normal internet related applications, I uninstalled squid and its still the same problem. When I disabled the rule the browsing speed returned to normal.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy