Netgate Discussion Forum

Restrict Access to Local Network Servers

    Bambos
    last edited by Bambos Apr 14, 2022, 2:44 PM Apr 14, 2022, 2:24 PM

    Hello everyone,

    Is it possible to block access to my servers within the same local LAN?
    For example, I'm now trying to block myself from accessing the file server, but it is not working. It seems that pfSense is evaluating the rule when traffic changes interfaces? Is this correct, or am I doing something wrong? What is recommended to achieve this restriction?

    In the example below, I have the rule as high as possible in the table (to be evaluated before everything else) and it is not blocking me. I'm 192.168.6.50.

    [Image: screenshot of the firewall rule]

    Any suggestions?

      viragomann @Bambos
      last edited by Apr 14, 2022, 2:57 PM

      @bambos
      No, traffic between devices within the same subnet doesn't pass pfSense. So pfSense cannot affect it.
      You can only configure the firewalls on devices accordingly.

      Therefore, when setting up a network you should put devices with the same potential risk into the same network segment, e.g. all web servers in one segment, database servers in another.

        Bambos @viragomann
        last edited by Apr 14, 2022, 3:41 PM

        @viragomann Thank you!!!

        What about this? My guest internet-only access can block the pfSense GUI on gateway 192.168.8.1, so guests can't see the pfSense login.

        Why is this rule working, while it is still on the same subnet?

        [Image: screenshot of the firewall rule]

          johnpoz LAYER 8 Global Moderator @Bambos
          last edited by Apr 14, 2022, 4:01 PM

          @bambos said in Restrict Access to Local Network Servers:

          while is still on the same subnet?

          Because you're trying to talk to pfSense, which is running a firewall - and it sees the traffic.

          When 192.168.6.50 tries to talk to 192.168.6.10 - pfSense never sees this traffic - so how could it block it or allow it even?

          pfSense blocking access to itself would be like you running a firewall on 6.10, it could prevent 6.50 from talking to it. But pfSense at 6.1 would never see that traffic.

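The point made in the two answers above can be checked mechanically before a rule is written. The following is an added example, not code from the thread or from pfSense: it classifies a rule by whether the firewall can ever see the traffic it describes. The /24 masks, the guest and LAN rule list and the rule names are assumptions constructed for illustration; only the addresses 192.168.6.50, 192.168.6.10, 192.168.6.1 and 192.168.8.1 come from the posts.

```python
import ipaddress

def classify(src, dst, lan_cidr, fw_ip):
    """Say whether a rule on this interface can ever match src -> dst."""
    lan = ipaddress.ip_network(lan_cidr)
    fw = ipaddress.ip_address(fw_ip)
    s = ipaddress.ip_network(src, strict=False)
    d = ipaddress.ip_network(dst, strict=False)
    if not s.overlaps(lan):
        return "routed"            # source is off-subnet, so it arrives via routing
    if d.num_addresses == 1 and d.network_address == fw:
        return "firewall-itself"   # traffic addressed to the firewall is always seen
    if d.subnet_of(lan):
        # Same-subnet hosts resolve each other with ARP and talk through the
        # switch; the only address in that range the firewall answers for is its own.
        return "firewall-only" if fw in d else "never-seen"
    if d.overlaps(lan):
        return "routed-part-only"  # e.g. "any": matches only what leaves the subnet
    return "routed"

# Constructed sample rules: (name, source, destination, interface subnet, firewall address).
# The /24 prefix lengths are assumed; the thread does not state the masks.
RULES = [
    ("block me from file server", "192.168.6.50", "192.168.6.10", "192.168.6.0/24", "192.168.6.1"),
    ("block guests from GUI", "192.168.8.0/24", "192.168.8.1", "192.168.8.0/24", "192.168.8.1"),
    ("block LAN to guest net", "192.168.6.0/24", "192.168.8.0/24", "192.168.6.0/24", "192.168.6.1"),
]

def audit(rules):
    """Return (name, verdict) for every rule so dead rules can be flagged."""
    return [(name, classify(src, dst, lan, fw)) for name, src, dst, lan, fw in rules]

if __name__ == "__main__":
    for name, verdict in audit(RULES):
        flag = "  <-- needs a host firewall or a separate segment" if verdict == "never-seen" else ""
        print(f"{name:28} {verdict}{flag}")
```

A rule reported as `never-seen` has to be enforced on the destination host itself, or the hosts have to be moved into different segments so the traffic is routed through the firewall.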
            Bambos
            last edited by Apr 15, 2022, 4:50 AM

            @viragomann @johnpoz thanks a lot, guys!! You have always been very helpful these last 2 years. I have almost learned how to configure pfSense 🦆
