Netgate Discussion Forum

Block private network except…..

Firewalling
4 Posts 2 Posters 3.4k Views
    rexster
    last edited by Jun 21, 2006, 3:33 AM

    I have an ADSL modem router with internal IP 10.0.0.2.
    Say my pfSense's WAN has 10.0.0.3 (both private network).

    So, I want to activate this block private network,
    with one exception: if the source is the gateway (10.0.0.2).

    I tried to create a rule to allow connections from 10.0.0.2,
    but the rule is at the bottom and I cannot move it to the top.

    So, is there any easy way I can do this?

    TIA
    rex

    http://www.GoBlogLah.com

      hoba
      last edited by Jun 21, 2006, 4:19 AM

      To move a rule, single-click on it (there will be a check in the box in front of the row and the line will be highlighted yellow). Then click the [<] icon to the right of the line with the rule that the highlighted rule should be put above. You also might need to disable "block private networks at wan" at interfaces>wan to make this work.

      Btw, what kind of connections do you expect to originate from your modem back to your LAN?

        rexster
        last edited by Jun 21, 2006, 4:25 AM

        Yes, I know how to move rules.
        But these special rules created by pfSense itself cannot be moved anywhere.

        I want to do port forwarding.
        I expect a connection like this:
        wan>>modem>>pfsense>>server

        http://www.GoBlogLah.com

          hoba
          last edited by Jun 21, 2006, 4:27 AM

          Port-forwarded connections will still originate from the public IP of the host that is sending the request. Connections are only NATed outbound (internal IP of server is replaced with WAN IP of the NATing device). No need for this rule.

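The point made in the last reply, traced through the wan>>modem>>pfsense>>server path as an added example (not part of the original thread and not pfSense code). It assumes the modem does plain destination NAT and that "block private networks" matches on RFC 1918 source addresses only; the public, client and server addresses are constructed, while 10.0.0.2 and 10.0.0.3 come from the first post.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumption: only the RFC 1918 ranges are modelled for "block private networks".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

MODEM_LAN = "10.0.0.2"         # from the thread
PFSENSE_WAN = "10.0.0.3"       # from the thread
MODEM_PUBLIC = "198.51.100.7"  # constructed (documentation range)
CLIENT = "203.0.113.50"        # constructed (documentation range)
SERVER = "192.168.1.10"        # constructed LAN server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def port_forward(pkt, listen_ip, port, target_ip):
    """Destination NAT: rewrite dst on a match, never touch src."""
    if pkt.dst == listen_ip and pkt.dport == port:
        return replace(pkt, dst=target_ip)
    return pkt


def blocked_as_private(pkt):
    """True if a WAN rule keyed on private *source* addresses would drop pkt."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in RFC1918)


def trace_inbound(client=CLIENT, port=80):
    """Follow one request along wan >> modem >> pfsense >> server."""
    on_internet = Packet(client, MODEM_PUBLIC, port)
    at_pfsense_wan = port_forward(on_internet, MODEM_PUBLIC, port, PFSENSE_WAN)
    dropped = blocked_as_private(at_pfsense_wan)
    at_server = port_forward(at_pfsense_wan, PFSENSE_WAN, port, SERVER)
    return at_pfsense_wan, dropped, at_server


if __name__ == "__main__":
    wan_pkt, dropped, srv_pkt = trace_inbound()
    print("at pfSense WAN:", wan_pkt, "dropped:", dropped)
    print("at server:     ", srv_pkt)
    # Only traffic the modem itself originates carries a private source.
    print("modem-originated dropped:",
          blocked_as_private(Packet(MODEM_LAN, PFSENSE_WAN, 80)))
```

The forwarded request reaches the pfSense WAN with the client's public source address, so the private-source block does not match it; only packets the modem itself sends from 10.0.0.2 would.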