Changes between Version 1 and Version 2 of noc2018/agenda/PfsenseFirewall


Timestamp: Dec 4, 2018, 7:26:07 AM
Author: admin
Comment:

--

  • noc2018/agenda/PfsenseFirewall

    v1 v2  
    1717- Type: Host(s)
    1818- IP or FQDN: 10.XY.1.1
     19- Add host
     20- IP : 2401:dd00:xxxx
    1921and Save. If you click Add then it will allow you to add multiple IP addresses for a single name
    2022
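
Review bot: The new IPv6 entry at new line 20 uses the truncated placeholder `2401:dd00:xxxx` and the label `IP :`, while the IPv4 entry at line 18 uses the field name `IP or FQDN` and a full placeholder form (`10.XY.1.1`). Suggest writing the IPv6 placeholder in the same complete form and reusing the `IP or FQDN` label, so participants know exactly what goes in the second host row. The sentence on line 21 that explains what Add does now follows the `Add host` step at line 19; consider moving that explanation ahead of the step.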
     
    4042- Description: Normal Office hours
    4143
     44== Virtual IPs ==
     45
     46To create NAT mappings we need to create a virtual IP. This acts as a secondary IP for the network of the interface it is configured.
     47
     48As an example lets create a VIP to be NAT for your server. You may refer IP table reservation for your server Public IP
     49
     50
     51Go to Firewall > Virtual IPs > +Add
     52
     53- Type: IP Alias
     54- Interface: WAN
     55- Address: 192.248.7.z / 32
     56- Description: Public IP for server
     57
     58and Save
     59
    4260== NAT ==
    4361
     62Here we may create NATs based on Port Forward, one to one, outbound, NPT.
     63
     64We will focus on one to one NAT for workshop
     65
     66Go to Firewall > 1:1 > Add
     67
     68- Interface: WAN
     69- External Subnet IP: 192.248.7.z
     70- Internal IP: Single host 10.XY.1.1
     71- Destination: Any
     72- Description: Public NAT
     73
     74== Rules ==
     75
     76Lets allow http and https ports from outside
     77
     78Go to Firewall > Rules > WAN > Add to end
     79
     80- Action: pass
     81- Interface: WAN
     82- Address Family: IPv4+IPv6
     83- Protocol: TCP
     84- Source: Any
     85- Destination: Single host or Alias: wwwserver
     86- Destination Port: Custom: wwwport
     87- Log: ticked
     88- Description: Allow any to Web ports of wwwserver
     89
     90Save
     91
     92For LAN side, by default web ports are enabled. If you need to allow any other port then,
     93
     94Go to Firewall > Rules > WAN > Add to top
     95
     96- Action: pass
     97- Interface: LAN
     98- Address Family: IPv4+IPv6
     99- Protocol: TCP
     100- Source: Single host or Alias: wwwserver
     101- Destination: Any
     102- Destination Port: SSH
     103- Log: ticked
     104- Description: Allow  wwwserver to SSH outside
     105
     106Save
     107
     108
     109You may also add different Separators to define rule groups.
     110
     111Click **+ Separator** Give a Name (eg: web) and a Color
     112
     113You may drag and drop the separator by holding from its name. Also you may drag rules by holding from the rules **Anchor** mark
     114
     115Once drag and Dropping finished click **Save** and **Apply** to complete the separation.
     116
     117
     118 
     119
     120
     121
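
Review bot: The navigation at new line 94 reads `Go to Firewall > Rules > WAN > Add to top`, but line 92 introduces this rule as the LAN side and line 97 sets `Interface: LAN`; the path should point to the LAN tab, otherwise participants will try to add the SSH rule on the wrong tab. Line 66 has a similar path problem: `Go to Firewall > 1:1 > Add` omits the NAT menu level named in the section heading, so `Firewall > NAT > 1:1 > Add` would match the path style used at line 51. The 1:1 NAT steps also stop at line 72 without the `Save` instruction that the Virtual IPs and Rules sections include.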