My Rules not working



  • Hidy ho all,

    I'm experimenting with creating firewall rules and seeing what they do.  And I'm afraid I'm stuck, and not sure what's not working and why.

    I'm working with 2 virtual machines: a virtual machine running Windows 7 32-bit, and another running pfSense.  The pfSense machine has 3 interfaces (though only 2 are relevant here).  One interface is shared with my local NIC, and the other is connected to a virtual network, which I'm calling network 3.  The Windows 7 VM is connected to virtual network 3 as well.

    Now, I created 3 rules on the 2 interfaces in question.  Each rule is identical on both interfaces.  On the WAN interface (the shared interface with my actual NIC) the first rule is a TCP rule and says to allow anything coming in, or going out, over port 80.  The second is a TCP rule that says to allow anything coming in or going out over the HTTPS port.  And the third is an SQL rule saying to allow anything coming in or going out over port 1433.  I have the exact same rules on my LAN interface.

    Now, after implementing these rules and disabling the allow-all rule, my internet connection dropped on my VM.  My question is why?

    These rules should have covered all my bases, and yet I don't have anything between the internet and my virtual LAN.



  • Does the VM use an external DNS?
    If so, you will need a rule to allow access via TCP/UDP port 53.



  • Thanks for the reply

    I have it set to get everything from the firewall.  And I have DNS running on the firewall.

    I've also been experimenting with allowing/denying these rules of mine.  So far nothing.

    Finally, I disabled the rules on the WAN interface, so now the rules are only on the LAN interface.  Still nothing on my end.

    As far as I can tell, Windows should send/receive everything out of port 80, and Chrome should send everything out port 80 or 443 (for HTTPS).  Yet I have no internet access on that VM.

    I'm clearly missing something, but I have no idea what.



  • I'm sorry to keep bumping this thread, but I really do want to know.  Did I miss something with the aforementioned rules?

    Because I do have internet connectivity when I enable the default allow-all rule.

    If it would help, I could post a screenshot of the exact specifications of each rule.

    Just let me know what you need.



  • @mattig89ch:

    I have it set to get everything from the firewall.  And I have DNS running on the firewall.

    You also need a rule allowing DNS and any other access to the firewall itself, if you have deactivated the default allow any-to-any rule.
    To check whether this is the issue, try entering a known IP in the browser, like 206.190.36.45 for yahoo.com.


  • Netgate

    On the WAN interface (the shared interface with my actual nic) the first rule is a tcp rule and says to allow anything coming in, or going out, over port 80

    That sounds like a basic misunderstanding about how pfSense rules work.

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
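
    The two replies above come down to how pfSense evaluates rules: a rule on an interface only sees traffic entering the firewall on that interface, the first matching rule wins, anything unmatched is denied, and a pass rule creates a state that lets the reply packets back in on the other interface without a rule of their own. The following small simulator, added to this thread and not pfSense or pf code, models exactly that for the poster's setup. The addresses (192.168.3.1 as the firewall's LAN address, 192.168.3.10 as the Windows 7 VM), the port numbers of the client side, and the omission of NAT are assumptions made for the example; 206.190.36.45 is the IP quoted in the reply above.

```python
"""Toy model of pf/pfSense rule evaluation for this thread's scenario.

Illustrative simulator only, not pfSense or pf(4) code.  It models:
  1. rules apply to traffic *entering* the firewall on the rule's interface,
  2. first matching rule wins; no match means the default deny applies,
  3. a pass rule creates a state, and reply packets are allowed by that
     state on whichever interface they arrive, with no rule of their own.
All addresses below are constructed for the example (NAT is ignored).
"""
from dataclasses import dataclass
from typing import Optional

FW_LAN_IP = "192.168.3.1"    # assumed: firewall's address on "network 3"
WIN7_IP = "192.168.3.10"     # assumed: the Windows 7 VM
YAHOO_IP = "206.190.36.45"   # the IP quoted in the thread


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on: "lan" or "wan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str                   # only traffic entering this interface is checked
    action: str                  # "pass" or "block"
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port
    dst: Optional[str] = None    # None = any destination address

    def matches(self, pkt: Packet) -> bool:
        return (self.iface == pkt.iface
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.dst is None or self.dst == pkt.dst))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # (proto, src, sport, dst, dport) of passed flows

    def evaluate(self, pkt: Packet) -> str:
        # The state table is consulted before any rule: a packet that belongs
        # to an already-passed flow (either direction) is allowed no matter
        # which interface it arrives on.
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.states or rev in self.states:
            return "pass (state)"
        # Otherwise the first matching rule on the arriving interface wins.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add(fwd)
                    return "pass (rule)"
                return "block (rule)"
        return "block (default deny)"


# The original poster's LAN rules: TCP 80, TCP 443, TCP 1433, nothing else.
OP_LAN_RULES = [
    Rule("lan", "pass", proto="tcp", dport=80),
    Rule("lan", "pass", proto="tcp", dport=443),
    Rule("lan", "pass", proto="tcp", dport=1433),
]

# The fix from the thread: allow DNS from the LAN to the firewall itself.
DNS_TO_FIREWALL = [
    Rule("lan", "pass", proto="udp", dport=53, dst=FW_LAN_IP),
    Rule("lan", "pass", proto="tcp", dport=53, dst=FW_LAN_IP),
]


def dns_lookup_verdict(rules) -> str:
    """The Win7 VM asks the firewall's resolver (UDP 53, packet enters on LAN)."""
    fw = Firewall(rules)
    return fw.evaluate(Packet("lan", "udp", WIN7_IP, 51234, FW_LAN_IP, 53))


def http_by_ip_verdicts(rules):
    """Browse to 206.190.36.45 by IP: SYN enters on LAN, SYN/ACK enters on WAN."""
    fw = Firewall(rules)
    syn = fw.evaluate(Packet("lan", "tcp", WIN7_IP, 49152, YAHOO_IP, 80))
    synack = fw.evaluate(Packet("wan", "tcp", YAHOO_IP, 80, WIN7_IP, 49152))
    return syn, synack


if __name__ == "__main__":
    print("DNS with OP's rules:       ", dns_lookup_verdict(OP_LAN_RULES))
    print("DNS with DNS rule added:   ", dns_lookup_verdict(OP_LAN_RULES + DNS_TO_FIREWALL))
    print("HTTP by IP (SYN, SYN/ACK): ", http_by_ip_verdicts(OP_LAN_RULES))
```

    Running it shows the three points at once: the resolver query to the firewall is dropped by the default deny because none of the TCP 80/443/1433 rules match a UDP 53 packet, it passes once the DNS-to-firewall rule is added, and the HTTP connection to the bare IP is passed by the LAN port-80 rule with its SYN/ACK admitted on WAN purely by state, which is why the WAN copies of the rules were never doing anything for outbound browsing.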



  • OK, so the DNS rule worked like a charm.

    The second I added the DNS allow rule between the LAN network and the firewall, I got an instant connection.

    Thanks for the help!

    Oh, and I'll be sure to read over that link.  It's entirely probable I'm misusing the rules.