Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)

Troubleshooting

If you have created a 1:1 NAT or Port Forwarding entry and it does not have the expected effect, then there are several possible causes:

  • You may have misconfigured the NAT entry
  • The NAT entry may be configured correctly, but something else necessary for NAT to work was misconfigured (such as a firewall rule or a virtual IP address)
  • There may be a software misconfiguration (such as port forwarding for a web server may be configured correctly, but the web server itself may be misconfigured)
  • The issue may be beyond your control (such as, your ISP blocking a port)

As an initial step, you may want to try to access the resource locally (keeping in mind that if we are remapping the port from one port number to another, use the port number of the port on the local node hosting the resource). Use the local IP address of the node, even if you have NAT reflection enabled...