How to block connection from pc1 to pc2 (HELP)
-
If they are in the same subnet it iss not possible.
-
Like UrbanSk, you cannot use pfSense to block a connection if they are in the same subnet on the same switch. You can block traffic if they are in the same subnet on 2 different switches with pfsense between them in bridge mode. Otherwise, you will have to use a local firewall, like iptables for linux or the Windows firewall.
-
Like UrbanSk, you cannot use pfSense to block a connection if they are in the same subnet on the same switch. You can block traffic if they are in the same subnet on 2 different switches with pfsense between them in bridge mode. Otherwise, you will have to use a local firewall, like iptables for linux or the Windows firewall.
hi.. Podilarius
It mean ths alternative solution is go for iptable or window firewall ? How to set window firewall ? -
I know this is going to sound sarcastic. But, really, you just enable the service and then turn windows firewall on. This allows RDP and a few other ports access by default. If you want to block an IP completely, just configure to do so. The service is already setup by default for Windows 7 and 8.
-
I know this is going to sound sarcastic. But, really, you just enable the service and then turn windows firewall on. This allows RDP and a few other ports access by default. If you want to block an IP completely, just configure to do so. The service is already setup by default for Windows 7 and 8.
Thanks Bro, I will try….
-
If you do not understand how to use/configure the built in firewall on a windows system. Your questions would be better directed towards a windows support board vs pfsense board.
As stated pfsense can not filter traffic between 2 pcs on the same subnet - traffic between them would never touch pfsense. Unless as stated they were on different switches/interfaces and pfsense was bridging the traffic between them or the pcs were on different network segments and pfsense was routing the traffic between the segments.
-
If you do not understand how to use/configure the built in firewall on a windows system. Your questions would be better directed towards a windows support board vs pfsense board.
As stated pfsense can not filter traffic between 2 pcs on the same subnet - traffic between them would never touch pfsense. Unless as stated they were on different switches/interfaces and pfsense was bridging the traffic between them or the pcs were on different network segments and pfsense was routing the traffic between the segments.
johnpoz ,
Podilarius,Can you these 2 hero member, assist me to setup pfsense ? I prefer use pfsense to block the traffic / connection between pc1 and pc2
((Unless as stated they were on different switches/interfaces and pfsense was bridging the traffic between them or the pcs were on different network segments and pfsense was routing the traffic between the segments.))Appreciated….
Cheer
Billy -
Well, which way do you want to go. using different subnets on different interfaces is the way to go. It uses less resources.
-
So you have 2 computers?? And you want to put them on different segments? Or do you have other machines as well? Do they need to talk to pc1 or pc2?
Why do you need to block connectivity between these 2 pcs? Curious?
-
Well, which way do you want to go. using different subnets on different interfaces is the way to go. It uses less resources.
podilarius,
using different subnet on different interfaces, as u suggest. Kindly please post some screen shot to me.
-
And does your pfsense box have an extra interface?
How are you PCs connected to pfsense now, I have to assume a switch is connected to lan interface of pfsense?
-
So you have 2 computers?? And you want to put them on different segments? Or do you have other machines as well? Do they need to talk to pc1 or pc2?
Why do you need to block connectivity between these 2 pcs? Curious?
johnpoz
Actually I had 17 client computer, 1 pfsense firewall and 1 game server. I am operate cyber business some games I need to block not allow children to play. Any solutions for me ?
-
And does your pfsense box have an extra interface?
How are you PCs connected to pfsense now, I have to assume a switch is connected to lan interface of pfsense?
Yes it is connected pfsense and I had wan , lan 1 lan2
-
So you have 17 computers, connected how to pfsense? Are there switches connected to both lan1 and lan2? Or just switch connected to lan1
So the games aer on this game server, and you want 1 of the 17 machines not to be able to talk to the game server? It would be much easier to just block this IP or ports on your games from this 1 machines IP at the local firewall of the game server than a reconfig of your network to place this 1 game server on its own segment?
-
You can also use VLANs on the LAN side to create multiple "subnets" without them being able to get to other subnets via an IP change. Certainly a more complex setup.
johnpoz - This is why I suggested using the Windows FW or using IPTables, it is is a linux system. There are many ways to do this, but a local FW on the game server is the easiest. going multi-subnet or multi-vlan is more complex. -
I agree local host firewall is the easiest method without having to teach him networking ;)
Trying to understand why he thinks he even needs to filter traffic, and what he wants to accomplish - clearly he has more than 1 PC.
I am very curious is how these people get/find go with a product like pfsense when they don't even seem to know basic concepts. It for sure is a testament to the ease of setup of pfsense to be sure. Like that thread where person was ticked that dns was listening on interfaces and recursive. Do you really think users that don't understand pcs on same segment don't talk to the gateway would know what services they need to turn on and what interfaces to listen on for internet to work ;)
-
So you have 17 computers, connected how to pfsense? Are there switches connected to both lan1 and lan2? Or just switch connected to lan1
So the games aer on this game server, and you want 1 of the 17 machines not to be able to talk to the game server? It would be much easier to just block this IP or ports on your games from this 1 machines IP at the local firewall of the game server than a reconfig of your network to place this 1 game server on its own segment?
johnpoz
I am using 24 port dlink switch connect to those 17 pc. The switch connect to Lan1
(you want 1 of the 17 machines not to be able to talk to the game server? ) YES
I tried to block the client IP n source port but fail.
The local games server not able to turn on firewall.
-
"The local games server not able to turn on firewall. "
Well I would suggest you fix that, and then you can block what you want.
-
You can also use VLANs on the LAN side to create multiple "subnets" without them being able to get to other subnets via an IP change. Certainly a more complex setup.
johnpoz - This is why I suggested using the Windows FW or using IPTables, it is is a linux system. There are many ways to do this, but a local FW on the game server is the easiest. going multi-subnet or multi-vlan is more complex.podilarius
I will try to follow your vlan solution. I really need to block it in behind the games server it is more practical. By the way do you know how to setup IPtable ?
-
so the game server is linux? Then I would suggest you install webmin on it, this gives you an easy to use and understand graphically interface to your firewall (iptables)
So does your switch support vlans? Your going to have to connect the server you want to block to your other lan port as the easier option. But what your doing it much easier with just a host firewall. Now if you had bunch of servers that you wanted to control access from your clients then sure put all the servers on segment 1, and clients on segment 2 and then you could use pfsense to control access.
But you got 1 server and 1 client you need to filter - this is easier done on the 1 server.
