
I've included my current setup.

However, when I try and access the firewall from outside my organization, I only get this:

ERR_CONNECTION_TIMED_OUT

Am I not letting the correct protocols through?


EDIT:

(Not mentioned: above this ruleset I have a default catch-all BLOCK rule for ALL protocols, thinking that I should set a block-all and then allow on a case-by-case basis.)

So I narrowed down the issue... I think. Apparently, it works fine if you leave the protocol blocked to TCP/UDP. But the moment you try and block ALL protocols it seems to also break OpenVPN and HTTPS.

Maybe I need to allow one of the other protocols as well?

Jason

2 Answers


Besides the firewall rule you mentioned, you also need to add a port forward rule which points to the internal web server. The idea is that when the pfSense firewall detects a network connection to TCP port 443, it redirects the traffic to TCP port 443 on the internal web server.

Follow the steps below to create a port forward under pfSense (I assume your internal web server has the IP address 192.168.1.1):

After logging into pfSense, go to Firewall --> NAT.

Choose Port Forward, then choose the create button on the right-hand side.

Create a port forward similar to the screen shown below.

Save the change and you should be ready to go.

Simon MC. Cheng
  • However, I am not port forwarding in this case since pfSense listens on the public IP address. – Jason Aug 09 '16 at 17:50
  • You also need to perform port forwarding to redirect outside traffic to internal web server. Glad to know you have fixed the problem. – Simon MC. Cheng Aug 10 '16 at 03:29

Fixed it.

Apparently you have to put the ALLOW rules first then you put in the BLOCK rules when doing firewall rules on the WAN interface.

Jason
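An added example, not code from either answer or from the pfSense project, that ties the two answers together: pfSense evaluates the rules on an interface top-down and the first match wins, so a "block ALL" rule placed above the allow rules shadows them and every inbound HTTPS and OpenVPN connection times out, exactly as the question describes. The simulator below models a WAN ruleset with that first-match semantic, includes the pass rule that a port forward to 192.168.1.1:443 (the address the first answer assumes) generates, and adds a small audit that reports rules that can never match. OpenVPN on UDP/1194 is the OpenVPN default and is an assumption here; the page does not state the port.

```python
# Added example: first-match simulation of a pfSense-style WAN ruleset.
# The addresses, ports and rulesets below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    proto: str                      # "tcp", "udp", "tcp/udp" or ANY
    dst_port: Union[int, str]       # destination port or ANY
    redirect: Optional[str] = None  # "host:port" when the rule belongs to a port forward


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.proto == ANY or pkt.proto in rule.proto.split("/")
    port_ok = rule.dst_port == ANY or rule.dst_port == pkt.dst_port
    return proto_ok and port_ok


def decide(ruleset: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Walk the interface rules top-down; the first match wins.
    Returns (action, redirect). Traffic matching no rule hits the
    implicit default deny that pfSense applies on the WAN interface."""
    for rule in ruleset:
        if rule_matches(rule, pkt):
            return rule.action, rule.redirect
    return "block", None


def _covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` could match is already caught by `earlier`."""
    proto_covered = earlier.proto == ANY or (
        later.proto != ANY
        and set(later.proto.split("/")) <= set(earlier.proto.split("/"))
    )
    port_covered = earlier.dst_port == ANY or earlier.dst_port == later.dst_port
    return proto_covered and port_covered


def audit(ruleset: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule shadows them.
    A shadowed pass rule is the signature of the ordering bug in the question."""
    shadowed = []
    for i, rule in enumerate(ruleset):
        if any(_covers(earlier, rule) for earlier in ruleset[:i]):
            shadowed.append(i)
    return shadowed


# Constructed rulesets. FORWARD_HTTPS is the pass rule a port forward to the
# internal web server (192.168.1.1, assumed address) adds for TCP/443.
FORWARD_HTTPS = Rule("pass", "tcp", 443, redirect="192.168.1.1:443")
ALLOW_OPENVPN = Rule("pass", "udp", 1194)      # OpenVPN default port, assumed
BLOCK_ALL = Rule("block", ANY, ANY)

BROKEN_ORDER = [BLOCK_ALL, FORWARD_HTTPS, ALLOW_OPENVPN]  # block-all above the allows
FIXED_ORDER = [FORWARD_HTTPS, ALLOW_OPENVPN, BLOCK_ALL]   # allows first, block-all last

if __name__ == "__main__":
    probes = (Packet("tcp", 443), Packet("udp", 1194), Packet("tcp", 22))
    for name, ruleset in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        for pkt in probes:
            print(f"{name}: {pkt.proto}/{pkt.dst_port} -> {decide(ruleset, pkt)}")
        print(f"{name}: shadowed rule indexes {audit(ruleset)}")
```

With the block-all rule on top, `decide` returns `("block", None)` for the HTTPS probe and `audit` flags both pass rules as unreachable; with the allows moved above it, HTTPS is passed and redirected to 192.168.1.1:443, OpenVPN is passed, and anything else (SSH on TCP/22 in the probe set) still falls through to the block. Running `audit` over a ruleset before saving it is a cheap way to catch this class of misordering without waiting for a connection to time out.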