PFsense homelab firewall – Part3

HomeLab network topology:
  • LAN01 – isolated network (behind firewall) – 192.168.137.X/24 – LAN interface on firewall
  • GW01 – open network – 192.168.1.X/24 – WAN interface (it is my home network)
  • 192.168.137.100 – firewall IP in LAN network
  • 192.168.1.100 – firewall IP in WAN network
  • 192.168.137.10 – vCenter server

After PFSense homelab firewall – Part1 and PFSense homelab firewall – Part2, it is time to do some basic configuration.

First, add a route on the workstation you are working from so that it can reach the network behind the firewall/router. Below is an example of how to add a route on a Linux system.

Add alias to firewall

Aliases make it easier to manage firewall rules.

  • Go to Firewall – Alias – Add alias
Add alias in firewall


Remove FW rule which blocks private networks.

By default, pfSense has a firewall rule that blocks all traffic from private IP addresses arriving on the WAN interface. In my configuration the WAN interface is not exposed to the internet and all traffic comes from local networks, so this rule would block the traffic I want to allow. Go to Interface –> WAN and uncheck Block private networks.

enable traffic from local networks on WAN interface


Add FW rule to pass all traffic from WAN to LAN
  • Go to Firewall – Rules – WAN tab – Add rule button
IP FW rule pfsense


  • Save and apply changes

If it works, remove the ANY-ANY rule and create a custom rule instead, for example one for the RDP service to the vCenter server.

  • Go to Firewall – Rules – WAN tab – Add rule button
  • Provide necessary information
  • Save and apply configuration

list of firewall rules pfsense
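
One way to confirm that the temporary ANY-ANY rule really was removed after testing is to check a configuration backup. This is an added example, not part of the original post: it assumes the config.xml layout of a pfSense backup, and the sample config, the rule descriptions and the `audit_wan` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml backup (assumption),
# trimmed to the elements this check reads. Addresses come from the topology above.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>192.168.1.100</ipaddr><subnet>24</subnet></wan>
    <lan><if>em1</if><ipaddr>192.168.137.100</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>wan</interface>
      <source><any/></source><destination><any/></destination>
      <descr>TEMP any-any test rule</descr></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><network>wan</network></source>
      <destination><address>192.168.137.10</address><port>3389</port></destination>
      <descr>RDP to vCenter</descr></rule>
  </filter>
</pfsense>"""


def _is_any(endpoint):
    """An endpoint is 'any' when it has an <any> child and no port restriction."""
    return (endpoint is not None and endpoint.find("any") is not None
            and endpoint.find("port") is None)


def audit_wan(config_xml):
    """Return findings for the WAN settings this walkthrough changes."""
    root = ET.fromstring(config_xml)
    findings = []
    # <blockpriv> exists under <wan> only while "Block private networks" is ticked.
    if root.find("./interfaces/wan/blockpriv") is None:
        findings.append("WAN: 'Block private networks' is disabled")
    for rule in root.findall("./filter/rule"):
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded into the ruleset
        if rule.findtext("interface") != "wan" or rule.findtext("type") != "pass":
            continue
        if _is_any(rule.find("source")) and _is_any(rule.find("destination")):
            descr = rule.findtext("descr") or "(no description)"
            findings.append(f"WAN: pass any-to-any rule still present: {descr}")
    return findings


if __name__ == "__main__":
    for line in audit_wan(SAMPLE_CONFIG):
        print(line)
```

In this lab the "Block private networks" finding is expected, because the WAN side is the home network; the any-to-any finding should disappear once the custom RDP rule is the only pass rule left on the WAN tab.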

Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware based solutions since 2005 and Microsoft since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on VMware and Microsoft software stacks, datacenter migrations and transformation, and disaster avoidance. Artur has been in the IT industry since 1999 and consulting since 2008. Artur holds the VMware Certified Design Expert certification (VCDX #077).