Allowing ports through a pfSense firewall


So you want someone to login remotely to access a specific resource on your network without exposing the rest of your systems to the dangers of the internet? These are the steps to follow to either create a new port or ports from a secured Linux distribution through a firewall using pfSense while still maintaining some semblance of security. There is much more that can be done for security, so we will just cover the basics for now. To start, you will need:


* The remote user's IPv4 address
* Which ports will be exposed to the user's IP address
* When to open and close the firewall for the user
* The internal server's IPv4 address

In addition, you will need the ability to make changes on:
* pfSense NAT and Firewall settings, as well as aliases
* pfSense Suricata, if applicable
* internal server firewall settings
* internal server network settings (only if server has gateway disabled)

A note regarding pfSense Aliases - if this is just a one-off server & port or port-range forwarding job, then Aliases are probably not for you. But, if you have multiple IP addresses, multiple ports, multiple users, whitelists, blacklists, etc then Aliases will make a huge difference in the way you use and configure your pfSense firewall. Basically, and alias is just that - a placeholder or pointer (shortcut) to represent several different numerical or named values with a simple name. For example, if there are several ip addresses that need to be forwarded to on Bob's network, then an Alias can be made for "bobs ip addresses" that would allow one rule being made instead of a duplicate rule for each ip address that needs forwarding to. This does take some thought and planning as its easy to forget what points to where, and create aliases that cause the firewall to operate in an unintended manner. A full description and how-to of Aliases in pfSense can be found at https://doc.pfsense.org/index.php/Aliases


Comments

  1. LoraJuly 20, 2018 at 7:23 AM

    Yep, and can some VPN help with that?

    ReplyDelete
    Replies
    1. UnknownJuly 20, 2018 at 7:47 AM

      Yeah,with VPN you should manage to get rid of that kind of problems, check for bestvpnrating.cоm

      Delete

Post a Comment

Popular posts from this blog

Using a Cisco Analog Voice Gateway with FreePBX

Image
Here's how to use the Cisco VG202 / VG204 / VG224 with FreePBX. Materials list: Cisco VG202 / VG204 / VG224 a server running FreePBX (physical or virtual) a network connection between FreePBX server and port FE0 on the Cisco Voice Gateway a PC or laptop that has a DB9 serial port or USB to DB9 serial adapter PuTTY ssh and telnnet client WinImage CF card reader 64MB or larger Compact Flash card (for Cisco IOS) a Cisco Console cable 66 block with female Amphenol connector CAT3 Telco cable with 90° male to male Amphenol ends a telephone test set  OR  an RJ-11 duckbill jumper cable + regular phone Here is a quick overview of what we will do: Configure the Voice Gateway to receive calls from FreePBX Configure the Voice Gateway dialplan to match and forward to FreePBX Configure FreePBX with a SIP Trunk and Outbound Route to the Voice Gateway First, you will need to acquire a Cisco IOS image like this one  HERE . Copy the image onto the CF card with your comput
Read more

Reset a Cisco VG224 Analog Voice Gateway or 1800 series router

The first method involves setting the configuration register to 0x2142. Most admins use this method to recover a password, but you can recover a password and wipe the configuration at the same time. Follow these steps: Log on to the router, and enter the privileged EXEC mode by entering enable and then entering the enable password command. Enter configure terminal to go to Global Configuration Mode. Enter config-register 0x2142. (This causes the router to ignore the startup configuration on the next reload.) Enter end, and reload the router by entering reload at the Router# prompt. The system will ask whether you want to save the configuration. Enter no, and confirm the reload at the next prompt. After the router has reloaded, the system will ask whether you want to enter the initial configuration dialog. Enter no. Change the configuration register setting to 0x2102 by entering enable and configure terminal to go back to Global Configuration Mode and then entering config-regi
Read more

Chinese IP camera backdoors

Onvif "HDIPC" telnet root: cat1029 vi /mnt/config/ipcamera/config_user.ini <-- list user accounts and passwords Onvif "NVT" telnet root:xmhdipc cat /mnt/mtd/Config/Account1 <-- list user accounts and passwords random other passwords for ip cameras root     xc3511 root     vizxv root     admin admin    admin root     888888 root     xmhdipc root     default root     juantech root     123456 root     54321 support  support root     (none) admin    password root     root root     12345 user     user admin    (none) root     pass admin    admin1234 root     1111 admin    smcadmin admin    1111 root     666666 root     password root     1234 root     klv123 Administrator admin service  service supervisor supervisor guest    guest guest    12345 guest    12345 admin1   password administrator 1234 666666   666666 888888   888888 ubnt     ubnt root     klv1234 root     Zte521 root     hi3518 root     jvbzd root     an
Read more