From the course: Complete Guide to Open Source Security
Accessing the DMZ via pfSense
We're on our LAN client 01 workstation. So let's check what we can and can't do with pfSense in place. The first thing we'll do is enter a search for hang gliders. Okay, we're navigating through the firewall to the internet and we'll go to 10.0.1.2 and we're navigating through to our DMZ website and 172.16.1.2 and we can access the file server. So far so good. The only thing left for us to do is to access the web server from the WAN.

So let's open the admin panel, https://172.16.1.1 and we'll sign in with admin, pfsense. Okay, we don't need to use the wizard because we've set up pfSense mostly. So we'll just go to the Interfaces, WAN, and the one thing we want to do is to remove the blocks to bogon networks in network and private networks and we'll apply changes. And we'll go to the OPT1 interface and we'll change the name to DMZ and we'll save and we'll apply changes. Okay and we can change the password in the User Manager to get rid of the nag, admin, admin.

At this stage, the firewall won't allow any traffic to come into the DMZ or the LAN, so we need to set up some traffic flow rules through the firewall. The first thing we'll do is to allow ICMP to the firewall from our WAN subnet. So with no rules in place, if we try and ping 192.168.1.45, we get no response. So let's go into Firewall, Rules and we're on the WAN screen. We'll add a rule on the WAN interface, we'll change the protocol to ICMP and we'll change the destination to WAN address and the description, to allow ping, and save and we'll apply the changes. So back in our command shell and we can now ping.

The next rule we'll add is to redirect any HTTP traffic coming to the firewall into the DMZ. We'll select Firewall, NAT, Port Forward, and we'll add a rule. We'll select TCP as the protocol and the destination as This Firewall. The destination protocol will be HTTP. So anything coming to this firewall on HTTP, we want redirected to the address 10.0.1.2 and we want the redirection to be again on HTTP. And for this we'll put in a description of Proxy web and save it and apply. We will check our firewall rules and we can now see that we have an additional rule added for the WAN to allow HTTP through to 10.0.1.2. Let's use a browser on the outside to navigate to our web app via the firewall and we'll go to http://192.168.1.45/gym and we can navigate to our web application.

We've successfully installed a pfSense firewall and set it up to manage a DMZ and the LAN subnet. OPNsense is a fork of pfSense. Installing OPNsense offers pretty much the same features as pfSense and is a very similar installation process, but with a more modern interface. However, it's significantly more difficult to set up and it's not as stable as pfSense, so we won't be bothering to install it.
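A simplified model of the WAN-side policy built in this walkthrough, as an added example that is not part of the course material: it shows what ends up exposed (ping to the WAN address, HTTP forwarded to 10.0.1.2) and why the private-networks block has to come off when the lab WAN itself sits on 192.168.1.x. The client address 192.168.1.50, the rule dictionaries and `evaluate_wan` are constructed for illustration and are not pfSense's configuration format.

```python
import ipaddress

# Addresses from the transcript: WAN address of the firewall and the DMZ web server.
WAN_ADDR = ipaddress.ip_address("192.168.1.45")
DMZ_WEB = ipaddress.ip_address("10.0.1.2")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Port forward "Proxy web": TCP/80 on the firewall is redirected to the DMZ server.
PORT_FORWARDS = [
    {"proto": "tcp", "dst": WAN_ADDR, "dport": 80, "target": DMZ_WEB, "tport": 80},
]
# WAN filter rules: the ping rule, plus the rule that accompanies the port forward.
WAN_RULES = [
    {"proto": "icmp", "dst": WAN_ADDR, "dport": None, "descr": "allow ping"},
    {"proto": "tcp", "dst": DMZ_WEB, "dport": 80, "descr": "NAT Proxy web"},
]

def evaluate_wan(src, proto, dst, dport=None, block_private=False):
    """Return (verdict, final destination) for a packet arriving on the WAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # The interface option drops RFC 1918 sources before any user rule is consulted.
    if block_private and any(src in net for net in RFC1918):
        return ("block: private source", None)
    # Port forwards rewrite the destination before the filter rules are evaluated,
    # which is why the matching filter rule names 10.0.1.2 and not the WAN address.
    for fwd in PORT_FORWARDS:
        if (proto, dst, dport) == (fwd["proto"], fwd["dst"], fwd["dport"]):
            dst, dport = fwd["target"], fwd["tport"]
            break
    for rule in WAN_RULES:
        if (rule["proto"] == proto and rule["dst"] == dst
                and rule["dport"] in (None, dport)):
            return ("pass: " + rule["descr"], str(dst))
    # Nothing matched: inbound WAN traffic is denied by default.
    return ("block: default deny", None)

def demo():
    """Evaluate constructed packets from a WAN-side client at 192.168.1.50."""
    client = "192.168.1.50"  # constructed address on the WAN subnet
    return {
        "ping": evaluate_wan(client, "icmp", "192.168.1.45"),
        "ping, private block on": evaluate_wan(client, "icmp", "192.168.1.45",
                                               block_private=True),
        "http": evaluate_wan(client, "tcp", "192.168.1.45", 80),
        "ssh": evaluate_wan(client, "tcp", "192.168.1.45", 22),
        "file server": evaluate_wan(client, "tcp", "172.16.1.2", 445),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} {result}")
```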