Request for examples of working guest network rules

JKnott

@steveits

Is there a list of built in aliases anywhere? I looked in the pfSense book and didn't see one.

DominikHoffmann

@steveits: Is this the change you are thinking I should make?

SteveITS

@dominikhoffmann said in Request for examples of working guest network rules:

@steveits: Is this the change you are thinking I should make?

Yes

SteveITS

@jknott RFC1918 is user created, just a lot of people use that name. Re default, I think it’s just This Firewall, interface IPs, and interface subnets.

mcury

I did like this:

Internal networks contains all my subnets.
Just be sure to assign an external DNS to your GUEST subnet through DHCP and that is it.

DominikHoffmann

@mcury said in Request for examples of working guest network rules:

Internal networks contains all my subnets.

Is your “internal_networks” defined through Interfaces → Interface Groups? It must not be, because as far as I can tell you can’t use an interface group as a destination in a rule.

mcury

@dominikhoffmann Internal networks is a network alias.
Inside of it, I added all my internal networks.

The second rule blocks to this firewall, so GUEST users can't access the firewall (if this rule didn't exist, GUEST users would be able to access pfsense GUI through my WAN IP, which is dynamic).

The third rule allows my users to go to the Internet, do everything they want, using a failover gateway group.

They use external DNS servers assigned by DHCP.

JKnott

@steveits

I know about user created aliases. I'm asking about aliases that are built into pfSense and available without having to create them.

DominikHoffmann

@mcury: I don’t have the ability to create network aliases:

You must have something different. Can you explain exactly, where you set up your network alias?

mcury

@dominikhoffmann

Just include your networks inside of the alias:
Select IP, then there will be a Type field, select Network(s)