Netgate Discussion Forum
    My Rules not working

    Routing and Multi WAN
    7 Posts 3 Posters 1.3k Views
    • mattig89ch

      Hidy ho all,

      I'm experimenting with creating firewall rules, and seeing what they do.  And I'm afraid I'm stuck, and not sure what's not working and why.

      I'm working with 2 virtual machines.  A virtual machine running Win 7 32-bit, and another running pfSense.  The pfSense machine has 3 interfaces (though only 2 are relevant here).  An interface that is a shared interface with my local NIC.  And an interface connected to a virtual network, which I'm calling network 3.  The Windows 7 VM is connected to virtual network 3 as well.

      Now, I created 3 rules on the 2 interfaces in question.  Each rule is identical on both interfaces.  On the WAN interface (the shared interface with my actual NIC) the first rule is a TCP rule and says to allow anything coming in, or going out, over port 80.  The second is a TCP rule that says to allow anything coming in or going out over the HTTPS port.  And the third is an SQL rule saying to allow anything coming in or going out over port 1433.  I have the exact same rules on my LAN interface.

      Now, after implementing these rules, and disabling the allow-all rule, my internet connection dropped on my VM.  My question is why?

      These rules should have covered all my bases, and yet I don't have anything between the internet and my virtual lan.

      Obstacles are those frightening objects we see, when we take our eyes of the objective.

      • viragomann

        Does the vm use an external DNS?
        If so you will need a rule to allow access via TCP/UDP port 53.

        • mattig89ch

          Thanks for the reply

          I have it set to get everything from the firewall.  And I have DNS running on the firewall.

          I've also been experimenting with allowing/denying these rules of mine.  So far nothing.

          Finally I disabled the rules on the WAN interface, so now the rules are only on the LAN interface.  Still nothing on my end.

          As far as I can tell, Windows should send/receive everything over port 80, and Chrome should send everything over port 80 or 443 (for HTTPS).  Yet I have no internet access on that VM.

          I'm clearly missing something, but I have no idea what.

          • mattig89ch

            I'm sorry to keep bumping this thread, but I really do want to know.  Did I miss something with the aforementioned rules?

            Because I do have internet connectivity when I enable the default allow all rule.

            If it would help, I could post a screen shot of the exact specifications on each rule.

            Just let me know what you need.

            • viragomann

              @mattig89ch:

              I have it set to get everything from the firewall.  And I have DNS running on the firewall.

              You also need a rule allowing DNS, and any other access to the firewall itself, if you have deactivated the default allow any-to-any rule.
              To check whether this is the issue, try entering a known IP in the browser, like 206.190.36.45 for yahoo.com.

              • Derelict (LAYER 8, Netgate)

                On the WAN interface (the shared interface with my actual nic) the first rule is a tcp rule and says to allow anything coming in, or going out, over port 80

                That sounds like a basic misunderstanding about how pfSense rules work.

                https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                • mattig89ch
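                To make the two points in the replies above concrete (a rule only sees traffic entering the firewall on its own interface, and the VM's DNS lookup to the resolver on the firewall needs its own pass rule once the default allow rule is off), here is an added model of pfSense's rule evaluation written for this page. It is not code from the thread or from pfSense. The addresses are constructed for the example: 192.168.3.0/24 as the LAN, 192.168.3.1 as the pfSense LAN address, 203.0.113.2 as the pfSense WAN address, 192.168.3.10 as the Windows VM and 198.51.100.7 as a web server.

```python
"""Toy model of how pfSense evaluates firewall rules (added example).

Constructed addresses: LAN 192.168.3.0/24, pfSense LAN address 192.168.3.1,
pfSense WAN address 203.0.113.2, web server 198.51.100.7. Three behaviours
the thread turns on are modelled: a rule on an interface only sees traffic
ENTERING the firewall there; the firewall is stateful, so replies to passed
traffic need no rule on the other interface; the first matching rule wins,
and with the default "LAN to any" rule disabled, unmatched traffic is dropped.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LAN, WAN = "lan", "wan"
LAN_NET, FW_LAN, FW_WAN = "192.168.3.0/24", "192.168.3.1", "203.0.113.2"
HOST, WEB = "192.168.3.10", "198.51.100.7"


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet enters the firewall on
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    iface: str
    action: str                                 # "pass" or "block"
    protos: Tuple[str, ...] = ("tcp", "udp")
    src: str = "any"                            # "any" or an address/CIDR
    dst: str = "any"
    dport: Optional[int] = None                 # None = any destination port
    descr: str = ""

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, spec: str) -> bool:
            return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)
        return (p.iface == self.iface and p.proto in self.protos
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and (self.dport is None or p.dport == self.dport))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()    # flows created by a pass rule

    def filter(self, p: Packet) -> str:
        """Decide 'pass' or 'block' for a packet entering on p.iface."""
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        back = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.states or back in self.states:
            return "pass"                    # state table is checked before rules
        for r in self.rules:                 # pfSense rules are first-match
            if r.matches(p):
                if r.action == "pass":
                    self.states.add(flow)
                return r.action
        return "block"                       # implicit default deny


def op_lan_rules():
    """The poster's three LAN rules, with the default allow-all disabled."""
    return [Rule(LAN, "pass", ("tcp",), dport=80, descr="HTTP"),
            Rule(LAN, "pass", ("tcp",), dport=443, descr="HTTPS"),
            Rule(LAN, "pass", ("tcp",), dport=1433, descr="MSSQL")]


# The rule that fixed it: LAN hosts to the resolver on the firewall itself.
DNS_RULE = Rule(LAN, "pass", ("tcp", "udp"), src=LAN_NET, dst=FW_LAN, dport=53,
                descr="LAN net to LAN address, port 53")


def browse_by_name(fw: Firewall) -> dict:
    """What a browser does for https://some.site: resolve first, then connect."""
    dns = fw.filter(Packet(LAN, "udp", HOST, 50000, FW_LAN, 53))
    if dns == "block":
        return {"dns": dns, "https": "not attempted"}   # no name, no connection
    return {"dns": dns, "https": fw.filter(Packet(LAN, "tcp", HOST, 50001, WEB, 443))}


def browse_by_ip(fw: Firewall) -> dict:
    """viragomann's check: an IP in the address bar skips DNS entirely."""
    request = fw.filter(Packet(LAN, "tcp", HOST, 50002, WEB, 443))
    # the server's reply ENTERS on WAN; there is no WAN rule, state admits it
    reply = fw.filter(Packet(WAN, "tcp", WEB, 443, HOST, 50002))
    return {"request": request, "reply": reply}


def unsolicited_wan_http(fw: Firewall) -> str:
    """What a WAN pass rule for port 80 really governs: new connections arriving
    FROM the internet, not the LAN host's outbound browsing."""
    return fw.filter(Packet(WAN, "tcp", "203.0.113.9", 40000, FW_WAN, 80))


if __name__ == "__main__":
    wan80 = Rule(WAN, "pass", ("tcp",), dport=80, descr="OP's WAN HTTP rule")
    print("OP's LAN rules, browse by name:", browse_by_name(Firewall(op_lan_rules())))
    print("OP's LAN rules, browse by IP  :", browse_by_ip(Firewall(op_lan_rules())))
    print("with the DNS rule added       :", browse_by_name(Firewall([DNS_RULE] + op_lan_rules())))
    print("internet -> WAN:80, no WAN rule  :", unsolicited_wan_http(Firewall(op_lan_rules())))
    print("internet -> WAN:80, with WAN rule:", unsolicited_wan_http(Firewall(op_lan_rules() + [wan80])))
```

                Run stand-alone, the first line shows the poster's symptom: with only the 80/443/1433 rules on LAN, the UDP query to the firewall's port 53 is dropped, so the browser never gets as far as the HTTPS connection that would have been allowed; browsing by IP works, which is why viragomann suggested that test. Adding the DNS rule makes name lookups pass and everything else follows. The last two lines show that the WAN copies of the rules never touched the VM's outbound browsing at all (the reply already matches state); what a WAN pass rule on port 80 does is admit new connections from the internet to that port. In the pfSense GUI the fix is a LAN rule with Protocol TCP/UDP, Source "LAN net", Destination "LAN address" (or "This Firewall"), Destination port 53 (DNS). The model leaves out NAT, floating rules, and the block-private/block-bogon options, which do not change the outcome here.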

                  Ok, so the DNS rule worked like a charm.

                  The second I added the DNS allow rule between the LAN network and the firewall, I got an instant connection.

                  Thanks for the help!

                  Oh, and I'll be sure to read over that link.  It's entirely probable I'm misusing the rules.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.