Firewall permission problems for internet access
-
hi folks, this might be a rather unusual setup but still im hoping that someone can give me a hint…
ive setup pfsense as follows:
WAN - 10.10.1.2/24 -- gateway 10.10.1.1
LAN - 10.10.2.1/24
WLAN - bridged with LAN
i began with setting the firewall rules to any - any for every interface
and i can successfully ping the WLAN/LAN and WAN subnet as well as the external internet
but now i want the WLAN network to only be able to access the internet and with selective rules allow access to single hosts in the "WAN" network (eg host 10.10.1.10)
to test i started off deleting the any-any rule for the WLAN interface and added the following to the said interface:
any -> WLAN subnet
any -> LAN subnet
any -> WAN address
the other interfaces carry on with the any-any rule
now i can ping the hosts in the WLAN and WAN subnet (eg ping to host 10.10.1.10 works) but i cant ping my providers DNS server (ip)
what i also tried is pinging from the diagnostics menu - WAN interface -> DNS server which works
somehow the firewall wont quite understand the last rule correctly, or im doing something wrong =)
could someone give me any hints to get the internet access working? (without having to use the any-any rule) =P
thank you in beforehand ;D
-
Adding a rule allowing traffic to the WAN address does just that - allows traffic to your WAN IP. You need to change the destination to "any", or not your internal network, or block your other internal subnets before allowing Internet traffic.
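The point made in the reply above, as an added example that is not part of the original thread: a simplified first-match model of the WLAN interface rules, showing why a destination of "WAN address" never matches an Internet host and why the block for the WAN network has to sit above the catch-all pass. The DNS server address is a constructed placeholder and the rule tuples are a hypothetical representation, not pfSense's own format.

```python
import ipaddress

def evaluate(rules, dst):
    """Return the action of the first rule whose destination contains dst.

    Simplified model: rules on an interface are checked top-down, the first
    match decides, and traffic that matches nothing is blocked.
    """
    addr = ipaddress.ip_address(dst)
    for action, network in rules:
        if addr in ipaddress.ip_network(network):
            return action
    return "block"

# Rules from the question, as placed on the WLAN interface.
ORIGINAL = [
    ("pass", "10.10.2.0/24"),   # WLAN and LAN subnet (bridged)
    ("pass", "10.10.1.2/32"),   # "WAN address": only the firewall's own WAN IP
]

# One ordering that follows the reply: exception, block, then allow the rest.
FIXED = [
    ("pass", "10.10.2.0/24"),
    ("pass", "10.10.1.10/32"),  # selectively allowed host in the WAN network
    ("block", "10.10.1.0/24"),  # rest of the WAN network
    ("pass", "0.0.0.0/0"),      # destination "any": everything else
]

# Same rules with the block placed after the catch-all: it never matches.
WRONG_ORDER = FIXED[:2] + [FIXED[3], FIXED[2]]

DNS_SERVER = "203.0.113.53"     # constructed placeholder for the provider's DNS

def report():
    """Verdicts for the cases discussed in the thread."""
    return {
        "original -> DNS": evaluate(ORIGINAL, DNS_SERVER),
        "fixed -> DNS": evaluate(FIXED, DNS_SERVER),
        "fixed -> 10.10.1.10": evaluate(FIXED, "10.10.1.10"),
        "fixed -> 10.10.1.20": evaluate(FIXED, "10.10.1.20"),
        "wrong order -> 10.10.1.20": evaluate(WRONG_ORDER, "10.10.1.20"),
    }

if __name__ == "__main__":
    for case, verdict in report().items():
        print(f"{case:28} {verdict}")
```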