Hi - first, love the YouTube channel, very educational.
I am fairly new to pfSense, in the process of setting up a FW that provides VPN service for the entire family, as well as a DMZ where I host a server running a number of services including mail and XMPP.
Got the firewall rules and NAT working - using random high ports for SMTP and IMAP clients and forwarding these to ports 25 and 143.
But - I must have enabled something odd - when checking the WAN FW rules today, a number of rules had been added, basically opening ports 25 and 143, forwarding these to … 25 and 143. The rules were created by ‘NAT Port forward’.
Any clue on why these rules appeared in my firewall? I do not wish to have low ports, which frequently get scanned and attacked, open on my FW.
… one thought - I believe I switched from ‘Manual Outbound NAT’ to ‘Automatic outbound NAT’ - and back yesterday - would this generate rules on the WAN interface?
Btw, have Suricata enabled with blocking on the WAN interface - and found lots of blocks today - possibly related to the opened low ports.
I have a NAT rule translating an inbound port of say 22321 to 21 on the Port Forward page.
I then initially must somehow have created a FW rule on WAN allowing traffic to port 21 of the FTP server - the rule I was asking about.
I then later created a rule allowing traffic to port 22321 on the FTP server - thinking the FW rule had to refer to the external port, not the internal - and removed the first rule, which broke FTP access.
I think the confusion comes from when I took my CCSP exam many years ago - I believe, at one point, that the Cisco FW used the external port for inbound traffic - but later changed that to the internal port.
Rule restored, FTP working again.
All of that becomes irrelevant when going through an Onion Service, which establishes connections from inside the FW - but unfortunately stuff like Mozilla Thunderbird 86 does not yet support Tor/SOCKS5 proxy.
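The port-forward behaviour described in this thread, as an added example that is not part of the forum post and not pfSense's own code: a small Python model of the documented pf order of operations, where the NAT (rdr) table rewrites the destination first and the WAN filter rules are then matched against the translated address and port, first match winning (pfSense adds "quick" to every rule). It reproduces what an associated filter rule looks like when generated from a port forward, shows why a WAN rule written against the external port 22321 never matches the forwarded FTP flow while the rule on internal port 21 does, and answers the question behind the first post: whether that rule on port 21 makes port 21 of the WAN address itself reachable. All addresses, ports and rule names are constructed for illustration.

```python
"""Model of pfSense port forward + WAN filter evaluation (added example).

Not pfSense or pf source; it models the documented order: rdr (port forward)
translates the destination first, then WAN filter rules are matched against
the translated packet, first match wins. Values below are constructed.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Union

ANY = "any"
Port = Union[int, str]


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_addr: str
    dst_port: int


@dataclass(frozen=True)
class PortForward:
    """One entry from Firewall > NAT > Port Forward (constructed values)."""
    wan_addr: str
    ext_port: int   # port clients connect to on the WAN address
    int_addr: str   # DMZ host that receives the traffic
    int_port: int   # service port on that host
    proto: str = "tcp"


@dataclass(frozen=True)
class FilterRule:
    """One rule on the WAN tab. pfSense sets 'quick', so first match decides."""
    name: str
    action: str     # "pass" or "block"
    proto: str
    dst_addr: str   # "any" or an address
    dst_port: Port  # "any" or a port number


def associated_rule(fwd: PortForward) -> FilterRule:
    """What 'Add associated filter rule' generates: the destination is the
    translated (internal) address and port, not the external port."""
    return FilterRule(name=f"NAT {fwd.int_addr}:{fwd.int_port}", action="pass",
                      proto=fwd.proto, dst_addr=fwd.int_addr, dst_port=fwd.int_port)


def apply_rdr(forwards: List[PortForward], pkt: Packet) -> Packet:
    """Step 1: the rdr table rewrites the destination before any filtering."""
    for fwd in forwards:
        if (pkt.proto == fwd.proto and pkt.dst_addr == fwd.wan_addr
                and pkt.dst_port == fwd.ext_port):
            return replace(pkt, dst_addr=fwd.int_addr, dst_port=fwd.int_port)
    return pkt  # no forward matched: destination stays the WAN address


def first_match(rules: List[FilterRule], pkt: Packet) -> Optional[FilterRule]:
    """Step 2: filter rules see the translated packet; first match wins."""
    for rule in rules:
        if rule.proto not in (ANY, pkt.proto):
            continue
        if rule.dst_addr not in (ANY, pkt.dst_addr):
            continue
        if rule.dst_port not in (ANY, pkt.dst_port):
            continue
        return rule
    return None


def decide(forwards: List[PortForward], rules: List[FilterRule], pkt: Packet) -> str:
    """Return 'pass:<rule name>' or 'block' (no match is the default deny)."""
    rule = first_match(rules, apply_rdr(forwards, pkt))
    if rule is None or rule.action != "pass":
        return "block"
    return f"pass:{rule.name}"


# Constructed scenario mirroring the thread: external 22321 -> DMZ FTP host port 21.
WAN = "203.0.113.10"
FTP_HOST = "192.0.2.21"
FTP_FORWARD = PortForward(WAN, 22321, FTP_HOST, 21)
RULE_INTERNAL = associated_rule(FTP_FORWARD)                              # dst FTP_HOST:21
RULE_EXTERNAL = FilterRule("external port guess", "pass", "tcp", FTP_HOST, 22321)


def scenario() -> Dict[str, str]:
    """Which WAN rule admits the forwarded FTP flow, and whether port 21 of the
    WAN address itself becomes reachable because of the rule on port 21."""
    client_to_ext = Packet("tcp", WAN, 22321)   # legitimate client using the high port
    probe_low_port = Packet("tcp", WAN, 21)     # unsolicited connection to WAN port 21
    return {
        "forward_with_internal_rule": decide([FTP_FORWARD], [RULE_INTERNAL], client_to_ext),
        "forward_with_external_rule": decide([FTP_FORWARD], [RULE_EXTERNAL], client_to_ext),
        "probe_port21_on_wan": decide([FTP_FORWARD], [RULE_INTERNAL], probe_low_port),
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case}: {result}")
```

The third case is the check worth keeping: because the generated rule's destination is the DMZ host, a connection aimed at the WAN address's own port 21 is never translated, matches nothing, and hits the default deny. Only a rule whose destination is the WAN address (or "any") on port 21 would actually expose the low port, so that is what to look for when reviewing the WAN tab.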