Firewall Rules NAT & Port Forwarding Basics #pfsense

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone today I'm going to discuss the very basics of a PF sense firewalls nothing crazy like floating rules the simple things like aliases and how they can be used or in what order to put your rules you know if you put a rule at the top versus at the bottom what difference that makes and why I hope everyone finds this useful and uh thanks for watching [Music] welcome when I went ahead and did ahead of time is I went ahead and cleared pretty much almost all of my port forwards my and that rules my firewall aliases and my firewall rules that way we can pretty much build them together now so we're gonna go ahead and start by going to firewall and then aliases and what I'm going to do first is I'm going to make me a port Alias ports underscore them whatever these are these are going to be um admin ports useful access to psn's web GUI and in my case the port 5000 port 22. uh-huh it's going to apply now we're going to go ahead and make an alias 4. where my plexus my IP address is so let's do IP media server 192.168 .10.200 go ahead and hit save we're going to apply I have only certain people I allow access my my Plex server so I have ddns set up on their routers that way my router will always know what their public IP is now I'm not going to put the real ones in here for obvious reasons but I will put made up ones I'll call this friendly ddns and we'll call this one blah blah blah of course one blah blah blah two blah blah blah one that will be for my mom's router and my sister's router ddms promote Flex server access so go ahead and save these and then now we're going to add another one we're gonna call this one next cloud and we'll do two we'll do one for the internal one remember right is I think 202 then we'll call this one the blah blah blah dvns Dot let me we'll call this one the public hostname we'll call this one the local IP address it's frozen they're called aliases I'm going to apply and there are many more you can do and maybe I'll do another video work on the depth on it where you can lock out Ingress and egress um ports for Atlanta win but for now let's just do this one underscore Plex all right just as an example and then now we're going to go to firewall Nat and now we're going to do is we're going to create a port forwarding rule to allow that external communication so what we're going to do here is we're going to go ahead and TCP LAN ipv4 through the ports Plex right single host would be IP underscore Plex and the source will be another alias that will be those um friendly ddns Alias we made so now we are going to let it use the system default and we're going to do that we're going to add an Associated rule allow ddns friendly post to reach Plex save oh one numbness here plugs It's Gonna Save you see now we got that one right here let's look at apply oh and I actually need to change this one foreign then we'll go back over here to firewall and rules and we're going to Center when that one was created and let's go ahead and do this save apply go back to Matt and now we're going to add um two more Port forwards HTTP and then we're gonna do another one for https so the source can be any TCP redirect target.p so we're going to do next cloud and we're doing HTTP so this is going to be port 80. we're gonna go and hit save I don't really forget that again oh I'm going to hit save go ahead and apply and then we're actually just going to make this simple and we're going to duplicate this one change this to https change this to https and then we're going to rename this one to https save apply now we're going to go to firewall and rules and see that now we have our two for next cloud quick little overview of how these firewall rules work is with PS sends they have a top down order if I was to block everything up here and then I allowed things here these things would not work because this first rule would be the one that it matched now let's say if I have a whole list of rules and then I say block everything else then it will block everything else it's all about where you put it in what order so let's go ahead and begin with this one now remember we made an alias a minute ago so let's go ahead and change this to other we'll do ports PF sense admin Pearson's admin and see as you see it was the same thing as Port 5000 which is up here in case you're wondering and what these are is maybe I'll do another video where I'll do DNS resolving but um this forces everything on the network to be redirected to PF senses DNS resolver versus going to wherever each individual device says and the same thing right here with ntp and the reason why is whether you have cameras or whatever else you have you want all the times to match up right now with our current rules is it shows that pretty much everything's Allowed no matter what default pass all so the first thing I'm going to do is I'm going to add a block rule for IPv6 any any unblock all IPv6 watches reject the block all right so block all IPv6 we're gonna apply let's go ahead and move this one here I always want my anti-lock out first no matter what every single time all right so now let's do uh another rule let's go ahead and do we do our cpmp allow Source oh let's do net destination to any this will allow pinging [Music] all right and another common Rule people will do but it doesn't really work in this use case is people will have a block everything else rule they'll do any any and we'll call it you know something along the lines of block everything else hit save and what we'll do is they will Sam's right here all right we'll hit apply now if I was to flip-flop these now nothing will work because that's well except for everything above it and that's the way that the rules are set up so a lot of people have all their rules in front and then they'll put block everything else at the very end it'll look something like this but again in this case it doesn't matter because I'm allowing pretty much everything here and I'm blocking everything else I will go and make another video later on or I go into more depth on how you can secure your network a little bit better with um more ports that you allow and don't allow and I forgot what the nickname for it is but it's pretty much the restrictive block everything deal with the Fallout afterwards but um that's pretty much it for this firewall section I hope it was somewhat useful to people and I hope it helps everybody at least get started with firewall rules thanks

Info

Channel: Morgans Tech Mods

Views: 3,159

Rating: undefined out of 5

Keywords: pfSense, Firewall, Firewall Rules, Port Fowarding, NAT, Pass, Block, Allow, Deny, Firewall Aliases, Aliases

Id: aL8eVlnSYk4

Channel Id: undefined

Length: 10min 37sec (637 seconds)

Published: Wed May 24 2023