Changes between Version 6 and Version 7 of pfsenseconfig

Timestamp:

Nov 24, 2016, 11:35:08 AM (8 years ago)

Author:

admin

Comment:

--

pfsenseconfig

@@ -44 +44 @@
 
 === Firewall Rules ===
+ -Go to menu and click '''System'''
+ - In the drop down list select '''Rules''' and you will directed to the firewall rules configuration page 
+ - You will see three tabs
+   * WAN : Traffic coming to WAN port
+   * LAN : Traffic coming to LAN port
+   * Floating : Advanced Firewall Rules which can apply in any direction and to any or multiple interfaces
+ - In the WAN tab you will see two rules already configured
+   * Blocking your private network leaking outside
+   * Blocking IANA reserved IPv6 addresses leaking outside
+ - In the WAN tab you will see three rules already configured
+   * Enabling HTTPS, HTTP and SSH (If you enable SSH) to the firewall IP
+   * Enable All the LAN IPv4 addresses to connect outside
+   * Enable All the LAN IPv4 addresses to connect outside
+Now let's create a new rule.
+ - In your VM desktop go to left corner and click the icon. From the menu select '''Terminal Emulator''' and open a Terminal
+ - Try to ping a known host (Your gateway, LEARN DNS or even Google) it should work
+ - Now go to your firewall web interface Under the LAN tab click '''Add''' and You will be prompted to the Edit Firewall page
+ - Set the parameter as follows
+   * Action : '''Block'''
+   * Interface : '''LAN'''
+   * Address Family : '''IPv4'''
+   * Protocol : '''ICMP'''
+   * Source : '''Single Host or Alias'''
+   * Give your vm's IP address in the text box
+   * Destination : '''any'''
+   * Description : '''Block ICMP from user host'''
+ - Click '''save''' and Click '''Apply changes''' in the following page
+ - Try ping the an IP from your VM
+ - We will do more on rules later
 
 === Static NAT ===
+You can Use Static NAT if you have a special requirement Like a Web server inside your LAN. What this does is map your mentioned private IP to an additional public IP 
+
+==== Create virtual IP ====
+We need to create a Additional WAN IP for the NAT.
+ - First go to '''menu''' and select '''Firewall''', From the drop down list select '''Virtual IPs'''
+ - In the Virtual IP's Page click on '''Add''' Button
+ - In the next page set the following
+   * Type : '''IP Alias'''
+   * Interface : '''WAN'''
+   * Address Type : ''' Single address'''
+   * Address : Give the Spare address in the [wiki:ipallocation IP table] / 24
+   * Description : WAN IP for NAT
+ - Click '''Save''' and '''Apply changes''' on the next page
+
+==== Create NAT ====
+Now lets map the created Public IP and Private IP
+ - First go to '''menu''' and select '''Firewall''', From the drop down list select '''NAT'''
+ - In the '''1:1''' Page click on '''Add''' Button
+ - In the next page set the following
+   * Interface : '''WAN'''
+   * External subnet IP : Your spare IP address
+   * Internal IP : '''Single host''' and give your VM's IP in the text box
+   * Destination : '''any'''
+   * Description : NAT For test
+ - Click '''Save''' and '''Apply changes''' on the next page
+
+==== Allow Access ====
+ - First go to '''menu''' and select '''Firewall''', From the drop down list select '''Rules'''
+ - In the '''WAN''' tab click on '''Add''' Button
+ - In the next page set the following
+   * Action : '''Pass'''
+   * Interface : '''WAN'''
+   * Address Family : '''IPv4'''
+   * Protocol : '''any'''
+   * Source : '''any'''
+   * Destination : '''Single Host or Alias'''
+   * Give your vm's IP address in the text box
+   * Description : '''Allowing NAT'''
+ - Click '''Save''' and '''Apply changes''' on the next page
+
+ - Now try to ping to your VM from your PC (use the Public IP address)
+ - Now try to ssh to your VM from your PC (use the Public IP address)
 
 === Using Alias ===
-
+   
 === Traffic Management ===