Netgate Discussion Forum

    Netgate 2100 - setup question

    • N
      netboy @netboy
      last edited by

      This post is deleted!
      • N
        netboy @netboy
        last edited by

        @netboy OK

        Removed BLOCK rule from LAN interface and included this

        03bbbffe-c685-4481-bf5f-fd62b4196f45-image.png

        Shall I apply this and test?

        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          That will work. I would set the protocol to 'any' though to include ping etc.

          • N
            netboy @stephenw10
            last edited by

            @stephenw10
            This is what my firewall rules are now

            ffab19ef-907c-4408-baf5-341cb8399198-image.png

            Did a ping test and works - does not block!

            dc6486c4-a245-4073-b6ed-de112a365a8b-image.png

            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Yeah, you have to test from a device in the IOP4 subnet. Pings generated from pfSense itself do not get filtered by those firewall rules. Only outbound rules would be applied and by default everything is allowed outbound.

              Steve

              • N
                netboy @stephenw10
                last edited by

                @stephenw10

                Looks like a SUCCESS!

                36935045-399a-4d94-85c5-e5a463109977-image.png

                Thank you Stephenw10 and all others

                • N
                  netboy @netboy
                  last edited by

                  @netboy Able to ping from 192 subnet to 172

                  a864c39d-fc04-4a67-9714-a93057a04abe-image.png

                  I think I have to thank everybody in this forum. Netgate 2100 Max is a fantastic router though pricey.

                  I shall seek further help if need be.

                  Thank you everybody

                  • N
                    netboy @netboy
                    last edited by

                    @netboy I am documenting below "how I made my printers work over the network in windows 10"

                    My printers are in 172.16.0.XXX subnet and my computers are in 192.168.0.XXX subnet. 192.168.0.XXX can talk to (ALLOW) 172.16.0.XXX but not vice versa.

                    The first thing I did was connect my computer to the 172 subnet and configure the printers.

                    I then connected my computers to 192 subnet and used the windows tool to configure TCP/IP printers and gave the "static" IP address of the printers and it worked.

                    • N
                      netboy @netboy
                      last edited by netboy

                      @netboy I am back! I have one problem. Let me explain.

                      My NAS has 2 NICs: one on the 192.168.0.XXX (PvT) subnet & another on the 172.16.0.XXX (IoT) subnet.

                      Now I want to:

                      • Create a GROUP with a list of MAC addresses that are in my 172.16.0.XXX (IoT) subnet that can access my NAS (which is also in 172.16.0.XXX (IoT)) [ MACgroupAllow ]

                      • Firewall rule : ALLOW MACgroupAllow access to my NAS MAC XX.XX.XX.XX and

                      • BLOCK all traffic within my subnet 172.16.0.XXX (IoT) in accessing my NAS MAC XX.XX.XX.XX

                      This is my existing firewall rules in IoT subnet

                      9c512398-caec-460d-ad89-c2dc1b2831f9-image.png

                      Does it make sense? I am not sure I have explained my functionality well.

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        That would need to be done on the NAS directly. Traffic between clients on the IoT subnet and the NAS IP address also in the IoT subnet does not go through pfSense, it just goes directly. So pfSense cannot filter it.

                        With that said, pfSense is a layer 3 firewall so filtering MAC addresses (layer 2) is not something it is set up to do. You can do something like that by setting fixed DHCP leases for each MAC and then filtering by those IPs. But only for traffic passing the firewall.

                        Steve

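Added example (not posted by anyone in this thread): a small Python model of the two points made in the replies above, namely that same-subnet and firewall-originated traffic never hits the interface rules, and that a MAC allow-list has to be turned into fixed-lease IPs before pfSense can filter on it. The /24 masks, every address, the MACs (documentation range) and all function names are assumptions; the thread only gives 192.168.0.XXX and 172.16.0.XXX.

```python
import ipaddress

# Assumed layout (constructed): masks and host addresses are placeholders.
INTERFACES = {
    "PvT": ipaddress.ip_network("192.168.0.0/24"),
    "IoT": ipaddress.ip_network("172.16.0.0/24"),
}
FIREWALL_ADDRS = {"192.168.0.1", "172.16.0.1"}   # assumed pfSense interface IPs
# Fixed DHCP leases (MAC -> IP), constructed sample data.
STATIC_LEASES = {
    "00:00:5e:00:53:10": "172.16.0.10",
    "00:00:5e:00:53:11": "172.16.0.11",
}

def segment_of(ip):
    """Return the name of the interface subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None

def enforcement_point(src_ip, dst_ip):
    """Where can a flow src -> dst be filtered?"""
    if src_ip in FIREWALL_ADDRS:
        # Traffic generated by the firewall itself skips the interface rules.
        return "firewall-originated"
    src_seg = segment_of(src_ip)
    if src_seg is None:
        return "unknown-source"
    if src_seg == segment_of(dst_ip):
        # Same subnet: delivered at layer 2, never reaches the firewall.
        return "destination-host"
    # Different subnet: routed, so rules on the source interface apply.
    return "firewall:" + src_seg

def alias_from_macs(macs):
    """Map allow-listed MACs to fixed-lease IPs; also list MACs with no lease."""
    ips, missing = [], []
    for mac in macs:
        ip = STATIC_LEASES.get(mac.lower())
        if ip:
            ips.append(ip)
        else:
            missing.append(mac)
    return sorted(ips, key=ipaddress.ip_address), missing

if __name__ == "__main__":
    print(enforcement_point("172.16.0.10", "172.16.0.50"))   # NAS IoT-side NIC
    print(enforcement_point("172.16.0.10", "192.168.0.50"))  # NAS PvT-side NIC
    print(alias_from_macs(["00:00:5E:00:53:11", "00:00:5e:00:53:99"]))
```

With a dual-homed NAS, an IoT client reaching the NAS's IoT address is a `destination-host` case, while the same client reaching the NAS's PvT address is routed and lands on the IoT interface rules.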
                        • N
                          netboy @stephenw10
                          last edited by netboy

                          @stephenw10 OK got it!

                          Question.

                          I want to edit my Hostname and Description on certain MAC's listed under "DHCP Leases" - I am aware you can click the "pencil" icon to the right but I DO NOT want a static IP but only want to edit the Hostname and Description and maintaining the "non-static" nature. How do I go about doing it?

                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            You can add a static lease entry without an IP address and it will just use a dynamic IP from the pool. But you end up with two lease entries like:

                            Screenshot from 2022-11-02 17-15-02.png

                            Steve

                            • F
                              FSC830
                              last edited by

                              In my DHCP leases the correct hostname is displayed, so I am wondering, why you want to modify the hostname entry in DHCP leases?
                              This sounds as if all (or at least multiple) devices are using the same hostname.
                              Therefore my approach would be to set the hostnames on the devices in a way that lets you tell apart in the DHCP leases which host is actually obtaining a lease.

                              Regards

                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Yes, the hosts usually send the hostname as part of the DHCP request. Setting a description for each host is about the only reason I could imagine doing this.

                                • N
                                  netboy @FSC830
                                  last edited by

                                  @fsc830 My hostnames are blank and I have no idea what they are?

                                  • F
                                    FSC830
                                    last edited by

                                    Hostnames are blank!??
                                    Which kind of devices are you using?
                                    Never seen a blank hostname in my LAN. Every new device I installed has had at least some kind of generic name, i.e. Samsung XXX (smartphone) or FOSCAMxyz (IP cam).

                                    And usually you can set an individual hostname during setup or later in network/system settings.

                                    Regards

                                    • S
                                      SteveITS Galactic Empire @FSC830
                                      last edited by

                                      @fsc830 FWIW, I just pulled up my leases page at home and the eeros (static lease) have no hostname shown, and 8 other devices (mostly IoT) show the IP in the hostname field.

                                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                                      Upvote 👍 helpful posts!

                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        It's quite common for appliance style devices to not send a hostname. Or to send a hostname that doesn't help much. Using static leases with an appropriate description works around that.

                                        • F
                                          FSC830
                                          last edited by

                                          Thanks for both answers, do not use IoT or appliance style devices here (at least not yet). 😊

                                          Regards

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.