Setup of different LAN
-
Hello!
I need help to configure the firewall rule.
I have three LAN interfaces.
Interfaces:
LAN
DMZ (OPT1)
Guest (OPT2)

I want to block connections from
Guest to DMZ & LAN
DMZ to Guest.

All of the interfaces have web access.
LAN is the only interface that can connect to Guest & DMZ.

How can I do this?

Guest network:
Function:  Prot:  Source:    Port:  Destination:  Port:  Gateway:
Block      *      Guest net  *      LAN net       *      *
Block      *      Guest net  *      DMZ net       *      *
Pass       *      Guest net  *      WAN net       *      *

DMZ network:
Function:  Prot:  Source:    Port:  Destination:  Port:  Gateway:
Pass       Both   Wan Net    21     172.16.10.2   21
Block      *      DMZ net    *      WAN net       *      *

I need some advice
-
Rules are applied inbound on an interface.
So a rule with "Wan Net" as source on the DMZ interface will do absolutely nothing.
Also Destination: "Wan Net" means exactly that: The destination has to be in the subnet of the WAN.
--> This is not the internet.

pfSense per default blocks everything.
So instead of blocking everything before the allow rule, you can do it in reverse.

Also you can make everything a lot easier with aliases:
http://forum.pfsense.org/index.php/topic,14989.0.html
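
An added example, not part of the original posts and not pfSense code: a small Python model of first-match rule evaluation on the interface where traffic enters, run against the Guest and DMZ rules from the question. The subnets, the internet host 198.51.100.10, the GUEST_FIXED ruleset and all function names are assumptions made for illustration; protocols and ports are ignored.

```python
import ipaddress

# Constructed subnets (assumptions; only 172.16.10.2 appears in the thread).
NETS = {
    "LAN net": "192.168.1.0/24",
    "DMZ net": "172.16.10.0/24",
    "Guest net": "192.168.20.0/24",
    "WAN net": "203.0.113.0/24",  # the WAN interface's own subnet, not the internet
}

def matches(spec, ip):
    """'*' matches anything; otherwise spec is a named subnet or a literal address."""
    if spec == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(NETS.get(spec, spec))

def evaluate(rules, src, dst):
    """Rules on the tab of the interface the packet enters; first match wins.
    Returns (action, rule number), or ("block", None) for the default deny."""
    for number, (action, rule_src, rule_dst) in enumerate(rules, start=1):
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action, number
    return "block", None

# Guest tab as posted: the pass rule only covers the WAN subnet.
GUEST_AS_POSTED = [
    ("block", "Guest net", "LAN net"),
    ("block", "Guest net", "DMZ net"),
    ("pass", "Guest net", "WAN net"),
]
# Hypothetical correction: same blocks, then pass to any destination.
GUEST_FIXED = GUEST_AS_POSTED[:2] + [("pass", "Guest net", "*")]

# DMZ tab as posted: source "Wan Net" never enters through the DMZ interface.
DMZ_AS_POSTED = [
    ("pass", "WAN net", "172.16.10.2"),
    ("block", "DMZ net", "WAN net"),
]

if __name__ == "__main__":
    guest, dmz, internet = "192.168.20.50", "172.16.10.2", "198.51.100.10"
    print("posted guest -> internet:", evaluate(GUEST_AS_POSTED, guest, internet))
    print("fixed  guest -> internet:", evaluate(GUEST_FIXED, guest, internet))
    print("fixed  guest -> LAN host:", evaluate(GUEST_FIXED, guest, "192.168.1.10"))
    print("posted DMZ   -> guest   :", evaluate(DMZ_AS_POSTED, dmz, guest))
    print("posted DMZ   -> internet:", evaluate(DMZ_AS_POSTED, dmz, internet))
```

A result of `("block", None)` means no rule matched and the default deny applied, which is what happens to DMZ-to-Guest traffic without any explicit block rule.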