Changes between Version 1 and Version 2 of Cnbp2019/Agenda/pfSenseFirewall


Timestamp:
Mar 13, 2019, 5:34:58 AM (6 years ago)
Author:
admin
Comment:

--

  • Cnbp2019/Agenda/pfSenseFirewall

    v1 v2  
    4949    • Address: 192.248.7.XYZ and the mask (/) as 32
    5050    • Description: Public IP for server
    51 and Save
     51and Save  
    5252
    5353== NAT ==
     
    9898Once drag and Dropping finished click '''Save''' and '''Apply''' to complete the separation.
    9999
     100== Configuring NAT Mapping for our Lab Setup==
     101
     102In our Lab setup We have Monitoring server and Web server that need to be accessed from outside. But they are assign private IPs.
     103To access those servers from outside we need to create NAT mapping and their relevant Virtual IPs shown as above. After adding NAT
     104mappings we will also need to create rules to allow network traffic to those servers from outside.
     105
     106Let us add a VIP and NAT mapping for Monitoring server.
     107
     108Go to Firewall > Virtual IPs > ''' +Add '''
     109    • Type: IP Alias
     110    • Interface: WAN
     111    • Address: 192.248.7.XYZ and the mask (/) as 32
     112    • Description: Public IP for Monitoring server
     113and Save 
     114
     115Go to Firewall > 1:1 > Add
     116    • Interface: WAN
     117    • External Subnet IP: 192.248.7.XYZ
     118    • Internal IP: Single host 10.XY.5.10
     119    • Destination: Any
     120    • Description: NAT_Monitoring
     121
     122Lets allow http ports from outside
     123
     124Go to Firewall > Rules > LAN > Add to end
     125    • Action: pass
     126    • Interface: LAN
     127    • Address Family: IPv4
     128    • Protocol: TCP
     129    • Source: Any
     130    • Destination: Single Host, Enter 10.XY.5.10/32
     131    • Destination Port: HTTP(80)
     132    • Log: ticked
     133    • Description: Allow any to Web ports of Monitoring server
     134Save
     135
     136Now we will add a VIP and NAT mapping for our Web server.
     137
     138Go to Firewall > Virtual IPs > ''' +Add '''
     139    • Type: IP Alias
     140    • Interface: WAN
     141    • Address: 192.248.7.XYZ and the mask (/) as 32
     142    • Description: Public IP for Web server
     143and Save 
     144
     145Go to Firewall > 1:1 > Add
     146    • Interface: WAN
     147    • External Subnet IP: 192.248.7.XYZ
     148    • Internal IP: Single host 192.168.XY.100/32
     149    • Destination: Any
     150    • Description: NAT_Web
     151
     152Lets allow http ports from outside
     153
     154Go to Firewall > Rules > DMZ > Add to end
     155    • Action: pass
     156    • Interface: DMZ
     157    • Address Family: IPv4
     158    • Protocol: TCP
     159    • Source: Any
     160    • Destination: Single Host, Enter 192.168.XY.100/32
     161    • Destination Port: HTTP(80)
     162    • Log: ticked
     163    • Description: Allow any to Web ports of Web server
     164Save
     165
    100166== Traffic Shaper ==
    101167
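
Review bot: The two pass rules added at v2 lines 124-134 and 154-164 are created under Firewall > Rules > LAN and Firewall > Rules > DMZ, yet the text says they allow HTTP "from outside". pfSense evaluates rules on the interface where traffic enters the firewall, so connections arriving through the WAN 1:1 mappings will not be matched by rules on the LAN or DMZ tabs. Suggest Firewall > Rules > WAN with Interface: WAN, keeping the internal addresses (10.XY.5.10 and 192.168.XY.100) as the destination, because 1:1 NAT is applied before the rules are checked. Smaller points in the same hunk: the path "Firewall > 1:1 > Add" at lines 115 and 145 is missing the NAT level (Firewall > NAT > 1:1); neither 1:1 block ends with a Save step, unlike the Virtual IP and rule blocks; both Virtual IPs use the same placeholder 192.248.7.XYZ, so the text should say that each server needs its own public address; and the Internal IP is written without a mask at line 118 but with /32 at line 148.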