conf firewall

CONFIGURACION PFSENSE PAGINA 7 INTERFACES NOMBRE DIRECCION IP GW NAME GW IP WAN 200.87.106.98/30 WANGW 200.87.106.97 ADSLAXS 200.105.197.194/29 GWADSLAXS 200.105.197.193 LAN 192.168.1.1/23 Megalink 192.168.164.17/17 MegalinkGW 192.168.164.1

Upload: antonio-menar

Post on 03-Nov-2014


Page 1: Conf Firewall

PFSENSE CONFIGURATION PAGINA 7

INTERFACES

NAME       IP ADDRESS           GW NAME      GW IP             NOTES
WAN        200.87.106.98/30     WANGW        200.87.106.97     Default
ADSLAXS    200.105.197.194/29   GWADSLAXS    200.105.197.193
LAN        192.168.1.1/23
Megalink   192.168.164.17/17    MegalinkGW   192.168.164.1
Page 4: Conf Firewall

FIREWALL NAT

If         Proto     Src. addr   Src. ports   Dest. addr         Dest. ports     NAT IP          NAT Ports     Description
MEGALINK   TCP/UDP   *           *            MEGALINK address   443 (HTTPS)     192.168.1.57    443 (HTTPS)   Exchange Megalink
MEGALINK   TCP/UDP   *           *            MEGALINK address   10443           192.168.1.1     443 (HTTPS)   Acceso Consola Megalink
WAN        TCP       *           *            WAN address        25 (SMTP)       192.168.1.82    *             Acceso SMTP Perimetral
WAN        TCP       *           *            WAN address        2020            192.168.1.90    22 (SSH)      SSH Baby
WAN        TCP/UDP   *           *            WAN address        53 (DNS)        192.168.1.75    *             DNS Primario
WAN        TCP       *           *            WAN address        443 (HTTPS)     192.168.1.57    *             HTTPs Owa
WAN        TCP       *           *            WAN address        21 (FTP)        192.168.1.59    *             FTP Agencias
MEGALINK   TCP/UDP   *           *            MEGALINK address   3389 (MS RDP)   192.168.1.78    *             Acceso RDP
WAN        TCP/UDP   *           *            WAN address        3389 (MS RDP)   192.168.1.78    *             Acceso tmp
WAN        TCP/UDP   *           *            WAN address        80 (HTTP)       192.168.1.54    *             Acceso Ipad
WAN        TCP/UDP   *           *            WAN address        4569            192.168.1.105   *             Entrada IAX Central
MEGALINK   TCP/UDP   *           *            MEGALINK address   21 (FTP)        192.168.1.59    *             FTP TMP
MEGALINK   TCP/UDP   Agencias    *            MEGALINK address   4569            192.168.1.105   *             Acceso IAX Agencia El Alto
WAN        TCP/UDP   *           *            WAN address        10443           192.168.1.1     443 (HTTPS)   Acceso Consola

FIREWALL RULES

WAN

Proto     Source                          Port   Destination     Port           Gateway   Queue   Schedule   Description
*         RFC 1918 networks               *      *               *              *         *                  Block private networks
*         Reserved/not assigned by IANA   *      *               *              *         *       *          Block bogon networks
TCP/UDP   *                               *      *               3000 (HBCI)    *         none               Acceso ntop
TCP/UDP   *                               *      192.168.1.1     443 (HTTPS)    *         none               NAT Acceso Consola
TCP       *                               *      192.168.1.82    *              *         none               NAT Acceso SMTP Perimetral
TCP       *                               *      192.168.1.90    22 (SSH)       *         none               NAT SSH Baby
TCP/UDP   *                               *      192.168.1.75    *              *         none               NAT DNS Primario
TCP       *                               *      192.168.1.57    *              *         none               NAT HTTPs Owa
TCP       *                               *      192.168.1.59    *              *         none               NAT FTP Agencias
TCP/UDP   *                               *      192.168.1.78    *              *         none               NAT Acceso tmp
TCP/UDP   *                               *      192.168.1.54    *              *         none               NAT Acceso Ipad
TCP/UDP   *                               *      192.168.1.105   *              *         none               NAT Entrada IAX Central

LAN

Proto     Source              Port   Destination        Port          Gateway       Queue   Schedule   Description
*         *                   *      192.168.169.88     *             *             none               Acceso a la planta
TCP/UDP   192.168.1.1         *      192.168.1.1        *             *             none               Acceso Squid desde Dansguardian
*         SalidaAXS_Entel     *      *                  *             1AXS_2ENTEL   none               SalidaAXS_Entel_Sin_Restriccion
*         SalidaIrrestricta   *      *                  *             *             none               SalidaIrrestricta
TCP       LAN net             *      LAN address        *             *             none               Acceso al Firewall desde LAN
*         LAN net             *      50.196.75.137      *             *             none               Acceso Pagina WEB
TCP/UDP   *                   *      *                  8081          *             none               Acceso INRA
TCP/UDP   *                   *      *                  8087          *             none               Acceso Impuestos
TCP       *                   *      97.74.179.1        21 (FTP)      *             none               Salida FTP Paginasiete.info
*         *                   *      192.168.200.0/24   *             *             none               Acceso VPN USA
*         *                   *      192.168.10.0/24    *             *             none               Salida VPN El Alto
TCP       LAN net             *      *                  443 (HTTPS)   *             none               Salida HTTPs
TCP       LAN net             *      *                  80 (HTTP)     *             none               Salida HTTP

MEGALINK

Proto     Source              Port   Destination     Port             Gateway   Queue   Schedule   Description
TCP/UDP   *                   *      *               1194 (OpenVPN)   *         none               Acceso OpenVPN
*         192.168.169.27      *      *               *                *         none               Acceso Agencia el Alto
*         192.168.166.20      *      *               *                *         none               Acceso Ketal
*         192.168.168.11/31   *      *               *                *         none               Acceso desde Mercado
TCP/UDP   *                   *      192.168.1.1     443 (HTTPS)      *         none               NAT Acceso Consola Megalink
TCP/UDP   *                   *      192.168.1.78    *                *         none               NAT Acceso RDP
TCP/UDP   *                   *      192.168.1.59    *                *         none               NAT FTP TMP
TCP/UDP   *                   *      192.168.1.57    443 (HTTPS)      *         none               NAT Exchange Megalink
TCP/UDP   Agencias            *      192.168.1.105   *                *         none               NAT Acceso IAX Agencia El Alto

ALIASES

AGENCIAS
  192.168.166.20   Agencia Ketal
  192.168.169.27   Agencia El Alto

SalidaAXS_Entel
  192.168.0.17     Pibu PC

SalidaIrrestricta
  192.168.1.90     Baby
  192.168.1.82     SMTP Perimetral
  192.168.1.27     Pibu
  192.168.1.51     AD1
  192.168.1.71     AD2
  192.168.1.105    Central Telefonica
  192.168.0.63     CV
  192.168.1.75     Share Point
  192.168.1.130    JM
  192.168.0.16     LG Pibu
  192.168.0.11     CS
  192.168.0.42     Pibu Wireless
  192.168.1.126    Portatil Edgar
  192.168.0.17     Portatil Pibu
  192.168.0.10     pf2
  192.168.1.112    Ramiro
  192.168.0.200    pfsense pruebas
  192.168.0.14     SVR Web
  192.168.0.85     Pfsense2
  192.168.0.35     Juane
  192.168.0.199    Carlos Saravia

Virtual IP Addresses

2do IP AXS   200.105.197.195/29

Page 10: Conf Firewall

VPN IPSEC

TUNNELS

PHASE 1

Page 11: Conf Firewall

PHASE 2

Page 12: Conf Firewall

Open VPN

SERVER

Page 13: Conf Firewall

SHARED KEY

CLIENT

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
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
-----END OpenVPN Static key V1-----

Page 15: Conf Firewall

SHARED KEY

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
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
-----END OpenVPN Static key V1-----

Page 16: Conf Firewall

VPN IPSEC

Page 18: Conf Firewall

Open VPN

Page 22: Conf Firewall

PROXY GENERAL SETTINGS

General

Page 23: Conf Firewall

ACLs

Allowed subnets
192.168.0.0/23
192.168.10.0/24
192.168.11.0/24
192.168.169.27/32
192.168.166.20/32
192.168.169.88/32

Page 24: Conf Firewall

General

Page 25: Conf Firewall

ACLs

Page 27: Conf Firewall

Choose Squid3 and install it
