Differences

This shows you the differences between two versions of the page.

--- pfsense:install_pfsense:create_firewall_aliases [2020/12/01 12:24] – [Define Alias for Other Ports allowed to communicate between internal subnets] peter
+++ pfsense:install_pfsense:create_firewall_aliases [2022/10/20 09:07] (current) – [Define Alias for Printers] peter
@@ Line 15: / Line 15: @@
 Click **Add**.
-  * Name = LOCAL_SUBNETS
+  * Name:  **LOCAL_SUBNETS**.
-  * Description = local subnets
+  * Description:  **local subnets**
-  * Type = Networks
+  * Type:  **Networks**.
-  * Network = 192.168.0.0
+  * Network:  **192.168.0.0**.
-  * CIDR = 16
+  * CIDR:  **16**.
-  * Comment = LAN (192.168.0.0 - 192.168.255.255)
+  * Comment:  **LAN (192.168.0.0 - 192.168.255.255)**.
 Click **Save**.
+<WRAP info>
+**NOTE:** Other local subnets could also be included if they are used such as:
+  * 10.0.0.0/8
+  * 172.16.0.0/12
+</WRAP>
 ----
+===== Define Alias for Printers =====
+Create an alias to define the printers we are using.
+Navigate to **Firewall -> Aliases -> IP**.
+Click **Add**.
+  * Name:  **PRINTERS**.
+  * Description:  **local subnets**
+  * Type:  **Host(s)**.
+  * Network:  **192.168.1.100**.
+  * Comment:  **HP Officejet Pro 8620**.
+Click **Save**.
+<WRAP info>
+**NOTE:** This alias will be used in firewall rules to grant users of other VLANs access to the Printers:
+</WRAP>
+----
+<WRAP center round todo 60%>
+The other aliases below here still need to be worked out properly, so ignore for now.
+</WRAP>
+----
 ===== Define Alias for Ubiquiti =====
@@ Line 100: / Line 137: @@
 Click **Add**.
-  * Name = **Chromecast_Ports**.
+  * Name:  **Chromecast_Ports_TCP**.
-  * Description = Chromecast_Ports.
+  * Description:  Chromecast_Ports_TCP.
   * Type:  **Ports**.
   * Ports(s):
-    * 8008, 8009, 5556, 5558, 5353 : Chromecast Ports.
+    * 8008, 8009 : Chromecast Ports.
+    * 8443 : Required for the Google Home app on Android.
+----
+Click **Add**.
+  * Name:  **Chromecast_Ports_UDP**.
+  * Description:  Chromecast_Ports_UDP.
+  * Type:  **Ports**.
+  * Ports(s):
+    * 1900 : SSDP.
+    * 5353 : Bonjour services/discovery.
+    * 5556, 5558 : Videostream Ports.
+    * 32768:61000 : Chromecast Ports.
+<WRAP info>
+  * Allow both TCP ports 8008 and 8009 outbound to the Chromecast device.
+  * Allow high UDP ports both incoming and outgoing. "High ports" are the local ports usually ranging 32768-61000.
+  * Allow the special SSDP packets outbound (which is UDP traffic to the multicast IP 239.255.255.250, destination port 1900) which is used to check for other Google devices in the same network.  Google devices reply with the Source IP to this packet.
+See:  https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
+See:  https://help.ui.com/hc/en-us/articles/360001004034-UniFi-Best-Practices-for-Managing-Chromecast-Google-Home-on-UniFi-Network
+</WRAP>
 ----
@@ Line 171: / Line 233: @@
   * Name = **Allowed_OUT_Ports_WAN**.
-  * Description = Allowed WAN Ports.
+  * Description:  **Allowed WAN Ports**.
   * Type:  **Ports**.
   * Ports(s):
@@ Line 200: / Line 262: @@
 </WRAP>
+----
+Return to [[PFSense:Install pfSense|Install pfSense]] or continue to [[PFSense:Install pfSense:Create Firewall Rules|Create Firewall Rules]].
+----