CP and LAN accessible once authenticated
-
Hello,
There's something wrong with my setup: once users are authenticated via the CP listening on the GUESTS interface, they can access resources on the LAN side. I have 3 NICs (LAN, GUESTS, WAN); on the GUESTS side I have the attached rules.
No rules on LAN except default anti-lockout rule.
On a remote machine on the LAN subnet I can see traffic from the pfSense LAN address instead of the GUESTS clients' IP addresses, so any firewall rule I apply to the GUESTS subnet is ignored and traffic is not being blocked.
Is this expected? Thank you
B.
edit: I'm on 2.0RC3
-
Do you have any nat rules on the GUEST or LAN interface?
-
I have a single TCP port forward from WAN to a GUESTS host, but no NAT rules on LAN/GUESTS, and AON (Automatic Outbound NAT) is active.
-
Well, I have transparent proxy enabled too, to log and report CP traffic.
If I turn it off I can no longer access LAN devices, so it's because of it.
Is there a rule to avoid this? Or maybe I should post this question to a more appropriate section? Thanks
-
Yeah, it's not for CP.
Though you can stop this through floating rules with direction out and source pfSense itself.
Or on the proxy just block the LAN sites.
-
Or even use "Bypass proxy for these destination IPs" and block the whole LAN subnet via normal firewall rules.
Thanks for the support
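The behaviour discussed in this thread, as an added example that is not part of any post above: a small first-match model of why the GUESTS block rule never sees proxied requests and where the floating outbound rule catches them. The addresses, rule lists and function names are constructed, and the model assumes the transparent proxy redirects guest HTTP to a local listener before the interface rules are evaluated.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not taken from the thread).
GUESTS_NET = ip_network("10.10.0.0/24")
LAN_NET = ip_network("192.168.1.0/24")
FW_LAN_IP = ip_address("192.168.1.1")   # firewall's own LAN address
PROXY_IP = ip_address("127.0.0.1")      # assumed local proxy listener
ANY = ip_network("0.0.0.0/0")

# GUESTS interface rules (inbound): block LAN, then allow everything else.
GUESTS_IN = [("block", GUESTS_NET, LAN_NET), ("pass", GUESTS_NET, ANY)]
# Floating rule as suggested in the thread: direction out on LAN,
# source the firewall itself, destination the LAN subnet.
FLOATING_LAN_OUT = [("block", ip_network("192.168.1.1/32"), LAN_NET)]


def first_match(rules, src, dst, default):
    """Return the action of the first rule matching src and dst."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default


def guest_http(client, lan_server, transparent_proxy, floating_out=()):
    """Trace a guest's HTTP request to a LAN host.

    Returns (verdict, source address the LAN host would see).
    """
    client, lan_server = ip_address(client), ip_address(lan_server)
    # With the redirect in place, the inbound rules on GUESTS are matched
    # against the proxy listener, not against the original LAN destination.
    dst_seen = PROXY_IP if transparent_proxy else lan_server
    if first_match(GUESTS_IN, client, dst_seen, "block") == "block":
        return ("blocked on GUESTS in", None)
    if not transparent_proxy:
        return ("passed", client)
    # The proxy opens a second connection from the firewall itself, so only
    # outbound (floating) rules on LAN can filter it; default is pass.
    if first_match(floating_out, FW_LAN_IP, lan_server, "pass") == "block":
        return ("blocked on LAN out", None)
    return ("passed", FW_LAN_IP)


if __name__ == "__main__":
    for proxy, floating in ((False, ()), (True, ()), (True, FLOATING_LAN_OUT)):
        print(proxy, bool(floating),
              guest_http("10.10.0.50", "192.168.1.20", proxy, floating))
```

The middle case reproduces what the original poster saw on the LAN machine: the request passes and arrives from the firewall's LAN address rather than from the guest's address.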