This LAB will cover scenario of publishing services to the internet – creating WAN firewall rules and NAT (Port Forwarding) for pFSense.
We already went through installation, configuration, LAN firewall configuration, and now we`ll configure access from the internet to the services in our network.
For this LAB I published test website in IIS.
Windows Server 2016 is on 10.20.20.2 IP address, and pFSense is on 10.20.20.1 IP address.
Logon to your pFSense web interface (see my previous LABs if you are not sure how.)
Select Firewall | NAT |Port Forward |Add
Interface: WAN |Protocol TCP | Destination WAN Address | Destination Port Range HTTP | Redirect Target IP: address of the PC that hosts website (in my case it is 10.20.20.2)
So, we just defined the rule where if HTTP traffic arrives at our public IP address, it will forward that traffic to our LAN (private network) to specific PC
Redirect target port: HTTP | everything else as default, enter something in description so that you know why the rule is there. | Save
Created rule looks like depicted on the screenshot | Select Apply Changes
If you go to the Firewall menu | Rules |WAN – there should be automatically created firewall rule for created NAT
Let’s see if the port is opened and visible from the internet. It should be if we done everything correctly and service on the local PC is active.
Great site on which I usually check open ports is – http://www.yougetsignal.com/tools/open-ports/
Enter your public IP and the port for which you wish to check the status. You can also choose to scan all common ports for your public IP
Ok, IIS is started and I did a lovely drawing in the Paint and published it as main website. I checked my website from the mobile phone just to be sure there isn`t any LAN connection.
Works – Port Forwarding – WAN Firewall rule is working.
We learned another simple lesson about pFSense and now know how to publish out own webservices via pFSense to the internet.
pFSense article series:
How to install pFSense on Hyper-V – https://www.informaticar.net/how-to-install-pfsense-on-hyper-v/
How to configure pFSense – https://www.informaticar.net/how-to-configure-pfsense/
How to define firewall rules on pFSense – https://www.informaticar.net/how-to-define-firewall-rules-on-pfsense/
How to create port forwarding on pFSense – https://www.informaticar.net/create-port-forwarding-on-pfsense/
How to setup OpenVPN on pFSense – https://www.informaticar.net/how-to-setup-openvpn-on-pfsense/
How to setup OpenVPN on client (pFSense) – https://www.informaticar.net/how-to-setup-openvpn-pfsense-version-on-client-pc/
OpenVPN on pFSense: Enable access to the LAN resources – https://www.informaticar.net/openvpn-on-pfsense-enable-access-to-the-lan-resources/
How to revocate user certificate on pFSense – https://www.informaticar.net/how-to-revocate-user-certificate-on-pfsense-openvpn/
How to import PFX certificate to pFSense – https://www.informaticar.net/how-to-import-pfx-certificate-to-pfsense/