Netgate Discussion Forum

This rule is possible with PfSense ???

Firewalling (3 Posts, 2 Posters, 1.9k Views)
max_firewall

Hi,

I'm a new user of pfSense, great product :) but I have a little bug, I don't understand why I'm not able to talk with the LAN network, not with the WAN (internet gateway). Something I don't understand …

What I'm doing is translating my Kerio rules to pfSense, no windoz ... it's a good deal ;D, FreeBSD is better!

This is my setup: 4 NICs, WAN (DHCP), LAN 192.168.1.x, LAN1 (OPT1) 10.1.0.x and LAN2 (OPT2) 10.2.0.x with NAT for internet.

When I use the * for destination the rule is good for the local LAN and the internet too, that's a big security risk for me, I tried to find the way to talk with the LAN directly, but I don't know how to ...

The best example is HP JetAdmin, no use to pass to the WAN and NAT, only LAN3, I'm not sure if you understand my example, in this way I can split LAN rules and NAT rules, in pfSense the * is very wide = any, if you do a rule like Proto tcp, Source lan subnet, Port *, Destination *, Port 80, Gateway *, you can have web access to the internet and the other LANs.

I hope you can help me ....

Thank you for your answers

This is an example of rules (see the photo)
firewall.JPG

GruensFroeschli

Rules in pfSense are processed from top to bottom. If a rule catches, the rest are not considered.
You set up rules on every interface.
Try adding the rules to allow traffic to the other networks first and the rule to get on the internet last.

Example: you want access from OPT2 to OPT1 but not to the internet and LAN.
So you add on the OPT2 tab a rule like:
"action: allow ; source: opt2-subnet ; destination: opt1-subnet"

Per default pfSense blocks everything except what you allow explicitly.

We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

max_firewall
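The answer above turns on two facts: rules on an interface tab are evaluated top to bottom with first match winning, and anything unmatched hits the default deny. The following is an added example (not code from the thread or from pfSense) that models that evaluation in Python over the thread's three networks, so the effect of rule order can be checked without a firewall. The /24 masks, the probe addresses (203.0.113.7 stands in for an internet host) and the port numbers are constructed for the example, and the model ignores protocol and gateway, which a real pfSense rule also carries.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed subnets following the thread's layout; the /24 masks are an
# assumption, the thread only gives the first three octets.
LAN = ip_network("192.168.1.0/24")
OPT1 = ip_network("10.1.0.0/24")
OPT2 = ip_network("10.2.0.0/24")
ANY = ip_network("0.0.0.0/0")    # what a "*" destination expands to


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None  # None matches any destination port


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First-match evaluation, as on a pfSense interface tab: the first rule
    whose source, destination and port all match decides, and later rules are
    never consulted. Nothing matching means the implicit default deny."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and rule.dport in (None, dport):
            return rule.action
    return "block"


# Scenario 1: the original post's single wide rule on the OPT2 tab
# (source OPT2 subnet, destination *, port 80).
WIDE = [Rule("pass", OPT2, ANY, 80)]

# Scenario 2: what the answer recommends, specific networks first, internet last.
ORDERED = [
    Rule("pass", OPT2, OPT1),     # reach OPT1 on any port (e.g. the printer)
    Rule("block", OPT2, LAN),     # never reach the LAN
    Rule("pass", OPT2, ANY, 80),  # everything else on port 80, i.e. the internet
]

# Scenario 3: the same three rules with the wide rule on top. The block rule
# is shadowed and never reached.
MISORDERED = [ORDERED[2], ORDERED[0], ORDERED[1]]

# Constructed probe flows from one OPT2 host (source, destination, dest port).
PROBES = {
    "lan_web": ("10.2.0.5", "192.168.1.10", 80),
    "opt1_printer": ("10.2.0.5", "10.1.0.20", 9100),
    "internet_web": ("10.2.0.5", "203.0.113.7", 80),
    "internet_https": ("10.2.0.5", "203.0.113.7", 443),
}


def reachability(rules: List[Rule]) -> dict:
    """Map each probe name to the verdict the rule set gives it."""
    return {name: evaluate(rules, *flow) for name, flow in PROBES.items()}


if __name__ == "__main__":
    for name, rules in (("wide", WIDE), ("ordered", ORDERED), ("misordered", MISORDERED)):
        print(name, reachability(rules))
```

Running it shows the three outcomes the thread describes: the wide rule alone lets an OPT2 host reach a LAN web server (the risk the original poster noticed) while still blocking the OPT1 printer port; the ordered set reaches OPT1 on any port and the internet on port 80 but blocks the LAN; and the misordered set silently re-opens the LAN because the block rule sits below the rule that already matched.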

Hi GruensFroesch,

Thank you for your answer and sorry for the delay, I did some tests and I think I found a good way to convert my Kerio rules … I can remove the * and have a choice: only local or only internet (or both), the same way as sending directly to the LAN or internet interface.

If you see a bug let me know, I'm a new user of pfSense ;D

Actually, I made a rule for ping, it's the same way for HTTP, FTP, etc. ....

The last 3 rules do the job ...

Thank you for your answer.

Max_firewall

fire1.JPG

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.