Strange things with rules and gateway solved
-
Hi, I'm new to firewalls and pfsense.
The project I'm attempting is to replace 2 routers with pfsense and to create a parent filter by ip on the kids' machines.

setup currently working but limited settings
Internet (wifi) –> DDrt-linksys ----> to subnet (A) 192.168.0.0/24 --- web server, ftp, & mail
:
vlanned port 4 of linksys to wan of another router subnet (B) 172.16.0.0/24
with virus scan and dansguardian running off of subnet A

so far got Pfsense loaded and configured with wan, lan and opt1 (wireless ap)
the pfsense box can ping subnet a and b and wan
opt1 and lan can talk (created a bridge between lan and opt1)

wan ip 169.254.100 wangw 169.254.1.1
lan ip 192.168.0.4 this i have set on my machines as their gateway
opt1 ip 192.168.0.25
vlan 10 ip 172.168.0.0/24 on the wan interface

here is the weird part
no nat port forward or 1:1 or outbound, all blank

rules
floating no rules
wan no rules
lan default anti-lock

lan
action pass
interface lan
protocol any
source lan subnet
destination any

opt1
action pass
interface opt1
protocol any
source any
destination any
gateway wangw

that is the settings
problem is that opt1 over wireless gets to the outside (internet) as long as the gateway is set to wangw
lan can not see out unless i change the gateway to wangw. if i remove the gateway from either interface,
that interface can't get out.

also my ip from the ISP is a little different due to the wireless setup they have
my ip is static 169.254.1.100
my isp gateway is 169.254.1.1 this set to the wangw
(which took a while to figure out, it is in bogon list)
also if i go to a "what is my ip" web site i get a different ip 69.49.41.150

do i have to manually set the gateway on each interface? I thought default gateway was the wan interface gateway
all of my servers and subnets work with the old setup
just trying to move to pfsense for more control so i can create another vlan
and subnet that to 192.168.5.0/24 for the kids and run filtering
trying to figure this out getting real confused
I also understand that i have to port forward all required server ports, that shouldn't be a problem i hope