Firewall question

robfantini · December 29, 2021, 8:29am

I think we may have something mis configured.

our set up is : internet <—> pfsense <—> Lan including freepbx .

at pfsense we limit addresses and ports that have access to freepbx. also remote phones use openvpn at pfsense

at freepbx eth0 has the IP 10.1.4.17

at settings > firewall > networks 10.0.0.0/8 is set to trusted

at settings > firewall > interfaces eth0 is set as “local (Local trusted traffic)”

My question is: should eth0 be changed to “Internet (Default Firewall)” ? I think that is needed in case we screw up the firewall setting or something sometime.

rsmithuk · December 29, 2021, 8:46am

If you have pfsense firewall in front of the PBX then running the FreePBX firewall in addition might complicate things.

If you set eth0 as Local you don’t need to add the local subnet as trusted as it will automatically trust anything on the same subnet.

Setting eth0 as Internet means that you would need to add the local subnet to a trusted zone.

I guess the key thing is to understand what the issue is you are having in the first place.

robfantini · December 29, 2021, 9:22am

Hello Richard

We are not having any issues with our set up. However i am not an expert on security.

I guess I am just looking for other opinions on if our set up is done well for security.

rsmithuk · December 29, 2021, 10:46am

Looks good to me, assuming pfsense is configured correctly then your setup should be fine.

robfantini · December 29, 2021, 12:38pm

Thank you.

system · January 5, 2022, 12:39pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.