Last updated on 13 February 2025
Hey everyone!
Today I bring you a brief look at one component of a security-based assignment I was working on for my studies. This one focuses on packet filtering via a pfSense firewall with multiple interfaces and interconnected networks.
Check out the video below!
Overview:
- 2 Main web components:
- Database some domain machines can access
- Webserver in a DMZ that external machines can access
- A pfSense router/firewall with rules to allow or block traffic connections
The Database (MySQL) is a part of the XAMPP stack, and can be accessed only by some internal devices via the Apache webserver that it is bundled with. In this deployment, the “Internal Workstation” is denied access and the packets are filtered by the firewall and dropped. The “Admin Machine” is allowed access to it.
The Webserver located in the DMZ can be accessed by both internal and external machines. This is possible by setting up internal firewall access rules, and NAT forwarding to allow the external connections through. With proper configurations, external devices can get redirected to your Webserver.
And finally, the DMZ is a network that sits at the edge of a domain. It is usually accessible by external users and devices, and is usually where web servers and other resources that need external access are placed. Because it is an area where external users are allowed into your internal network, they need additional packet filtering to maintain overall system security. In this deployment, I blocked all access into the rest of the domain through that DMZ network, effectively isolating the DMZ even though it is a part of the network.
Final Words
This is just a demonstration of how you can use pfSense to filter packets to either allow/deny access to devices and even whole networks. If you’d like to see more on pfSense like a basic setup guide or advanced functions, leave a comment!
Thanks for reading! Take care.