Netgate Discussion Forum

    Blocking access to self stops internet access

    Firewalling
    5 Posts 4 Posters 506 Views

    dridhas

      Hello all,

      Good day.

      I recently had to recreate a VLAN and the DHCP configuration because, when enabling VLAN ID 24, I wasn't able to get connected via wireless; that got fixed.

      Now, I'm trying to isolate my IoT network so that it is only able to reach out to the internet and not able to connect to my home wifi network (VLAN) or to the pfSense main IP.

      So far, I was able to block the IoT from reaching the other wifi, and it is apparently working fine.

      Now, the moment I enable blocking access to pfSense (self), the network loses access to the internet, and not even google.com is reachable in a web browser (I connected to it on my phone for testing purposes).

      This is the configuration I've got:
      e5723987-495a-4658-9f90-4d4fd43188e2-image.png
      174088ce-4319-476a-a2fe-419c54cd510a-image.png

      The moment I disable this rule, I have access to the internet; otherwise I lose access.

      Would any of you be able to help out on this? I'm sure it's something simple, but I'm lost at the moment.

      Thanks in advance!

      Jarhead @dridhas

        @dridhas Add an allow rule above it for DNS. You can use the interface for destination.

          SteveITS @dridhas

          @dridhas What Jarhead said, or else block to This Firewall on ports 22/80/443.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

            dridhas

            Thank you for the replies.

            I was able to block access to the firewall by blocking the custom port I've got set up for the main GUI. 😄

            Thank you!

              johnpoz @dridhas

              @dridhas If you want to lock down a network/VLAN, normally you would allow only what you want.

              Here is an example of a locked down network.

              lockdown.jpg

              So it can ping the firewall, great for checking connectivity. Things might ping their gateway in a test of connectivity, etc.

              Allow DNS and NTP.

              Then block all access to any firewall IP on anything else. Block access to any other RFC1918 networks via an alias; this blocks access to other networks/VLANs you might have.

              Then the last rule allows anything else, i.e. the internet.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11
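The rule ordering the replies describe, as an added example that is not part of the thread or of pfSense itself: a small Python first-match evaluator that models how pfSense walks an interface's rules top to bottom, stops at the first match, and drops anything unmatched. It encodes the original poster's ruleset (where "block to This Firewall" sits above any DNS allow and so blocks the IoT devices' lookups to their gateway), Jarhead's DNS-allow-above-the-block fix, SteveITS's port-based block with the custom GUI port the poster ended up using, and johnpoz's allow-only-what-you-want layout. The addresses (192.168.24.1 and 192.168.1.1 as firewall IPs, 192.168.1.0/24 as the home LAN), the GUI port 8443 and the sample destinations are constructed assumptions, not values from the posts.

```python
"""First-match evaluator for a pfSense-style interface ruleset.

Added example (not from the thread or from pfSense): pfSense interface
rules are evaluated top to bottom, the first matching rule wins, and
traffic matching no rule is dropped by the implicit default deny.  The
addresses, networks and GUI port below are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed topology: IoT VLAN 24 with the firewall as gateway and resolver,
# a home LAN on 192.168.1.0/24, and the web GUI moved to port 8443.
FIREWALL_IPS = {ip_address("192.168.24.1"), ip_address("192.168.1.1")}  # "This Firewall"
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUI_PORT = 8443


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    proto: Optional[str] = None      # None = any protocol
    dst: str = "any"                 # "any", "self", "rfc1918" or a CIDR string
    ports: Tuple[int, ...] = ()      # () = any port (ICMP has none)
    note: str = ""


def dst_matches(rule: Rule, dst_ip) -> bool:
    if rule.dst == "any":
        return True
    if rule.dst == "self":
        return dst_ip in FIREWALL_IPS
    if rule.dst == "rfc1918":
        return any(dst_ip in net for net in RFC1918)
    return dst_ip in ip_network(rule.dst)


def evaluate(rules, proto: str, dst: str, dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (action, note) of the first matching rule, or the default deny."""
    dst_ip = ip_address(dst)
    for rule in rules:
        if rule.proto is not None and rule.proto != proto:
            continue
        if not dst_matches(rule, dst_ip):
            continue
        if rule.ports and dport not in rule.ports:
            continue
        return rule.action, rule.note
    return "block", "implicit default deny"


# The original poster's ruleset as described: block the other VLAN,
# block "This Firewall", then allow everything else.
OP_RULES = [
    Rule("block", dst="192.168.1.0/24", note="IoT -> home wifi VLAN"),
    Rule("block", dst="self", note="IoT -> This Firewall (also catches DNS to the gateway)"),
    Rule("pass", note="everything else, i.e. internet"),
]

# Jarhead's fix: an allow for DNS to the firewall placed above the block.
DNS_FIRST_RULES = [Rule("pass", proto="udp", dst="self", ports=(53,), note="DNS to gateway")] + OP_RULES

# SteveITS's alternative, plus the custom GUI port the poster ended up blocking.
PORT_BLOCK_RULES = [
    Rule("block", dst="192.168.1.0/24", note="IoT -> home wifi VLAN"),
    Rule("block", proto="tcp", dst="self", ports=(22, 80, 443, GUI_PORT), note="management ports"),
    Rule("pass", note="everything else, i.e. internet"),
]

# johnpoz's allow-only-what-you-want layout.
LOCKDOWN_RULES = [
    Rule("pass", proto="icmp", dst="self", note="ping the gateway"),
    Rule("pass", proto="udp", dst="self", ports=(53, 123), note="DNS and NTP"),
    Rule("pass", proto="tcp", dst="self", ports=(53,), note="DNS over TCP"),
    Rule("block", dst="self", note="anything else to any firewall IP"),
    Rule("block", dst="rfc1918", note="other local networks/VLANs (alias)"),
    Rule("pass", note="anything else, i.e. internet"),
]


def dns_to_gateway(rules) -> str:
    return evaluate(rules, "udp", "192.168.24.1", 53)[0]


def gui_on_firewall(rules) -> str:
    return evaluate(rules, "tcp", "192.168.24.1", GUI_PORT)[0]


if __name__ == "__main__":
    for name, rules in (("OP", OP_RULES), ("DNS first", DNS_FIRST_RULES),
                        ("port block", PORT_BLOCK_RULES), ("lockdown", LOCKDOWN_RULES)):
        print(f"{name:10} DNS->gw: {dns_to_gateway(rules):5}  GUI->fw: {gui_on_firewall(rules):5}  "
              f"HTTPS->internet: {evaluate(rules, 'tcp', '93.184.216.34', 443)[0]}")
```

Under the poster's ordering, HTTPS to an internet address still passes, yet the browser never gets there because the UDP/53 query to the gateway hits the "This Firewall" block first; the lockdown layout only passes the named services to the firewall, so moving the GUI to a custom port no longer matters. The evaluator ignores source addresses, states and gateways, which a real ruleset also has; the point shown is ordering alone.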

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.