Netgate Discussion Forum

    RFC1918 Block private networks and loopback addresses

    • buurman

      Hi all,

      I have a question. I am new to this forum and very new to pfSense. I've come a long way myself, but I don't understand one thing. And that is the checkbox for blocking RFC1918 networks to the WAN:

      Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.

      So if I understand correctly this will also block a VPN configuration? How can you ensure that a client (RFC1918) can use the VPN tunnel while this checkbox is enabled then?

      • stephenw10 Netgate Administrator

        You should only usually have that checked on an external interface. You should never see traffic coming from a private IP on an interface that has a public IP.
        The only exception to that is if you are double NATed and need to access the pfSense device from a box in the WAN subnet and that is public.

        Steve
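
The matching described in the option text quoted in the first post, as an added example that is not part of the original thread and not pfSense's own code. It assumes the option matches only on the source address of packets arriving on the interface where it is enabled (the description's "traffic from" wording); the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges listed in the option's description quoted in the first post.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fc00::/7",                                        # RFC 4193 unique local
    "127.0.0.0/8",                                     # loopback
)]

def matched_range(addr):
    """Return the listed range that contains addr, or None if none does."""
    ip = ipaddress.ip_address(addr)
    for net in BLOCKED_NETS:
        if ip.version == net.version and ip in net:
            return net
    return None

def interface_in_private_space(iface_addr):
    """True when the interface's own address is inside a listed range
    (the double-NAT case, where the description says to leave the option off)."""
    return matched_range(iface_addr) is not None

def evaluate(iface_addr, option_enabled, sources):
    """Model the option for packets arriving on one interface.

    Returns (conflict, verdicts). conflict is True when the option is enabled
    on an interface that itself sits in private space, so hosts in that subnet
    would be dropped. Assumption: the match is on source address only.
    """
    conflict = option_enabled and interface_in_private_space(iface_addr)
    verdicts = {}
    for src in sources:
        hit = matched_range(src) if option_enabled else None
        verdicts[src] = f"block ({hit})" if hit else "pass to later rules"
    return conflict, verdicts

if __name__ == "__main__":
    # Constructed sample sources; 203.0.113.0/24, 198.51.100.0/24 and
    # 2001:db8::/32 are documentation ranges standing in for public addresses.
    sources = ["203.0.113.7", "10.8.0.2", "172.31.255.254", "172.32.0.1",
               "192.168.1.50", "127.0.0.1", "fd12:3456::1", "2001:db8::1"]
    for wan in ("198.51.100.10", "192.168.1.2"):
        conflict, verdicts = evaluate(wan, True, sources)
        print(f"WAN {wan}: option conflicts with interface address = {conflict}")
        for src, verdict in verdicts.items():
            print(f"  from {src:<16} -> {verdict}")
```

Note that 172.32.0.1 falls just outside 172.16/12 and is not matched, and that a WAN address of 192.168.1.2 with the option enabled flags the conflict the description warns about.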
