Make pfSense firewall act as a normal router firewall?
-
Then do something like this.
See my ! locals, this says NOT these networks. And my alias lists my local networks (yours would be your VLANs). So this rule says hey, you can go anywhere you want, as long as it's not the other network segments.
-
Ok Mr john pox…
This would work on a standard LAN, e.g. 192.168.100.1/24 single LAN.
Keeping LAN users basically from seeing other local users at the time they are online?
-
Dude, you cannot keep LAN users from talking to each other, pfSense is not even in the mix when LAN users are talking to each other. But you can keep different LAN segments from talking to each other.. i.e. your wireless from talking to your wired, or your DMZ from talking to either your wired or WLAN, etc.
Who do you not want talking to each other?
-
Ok… We want users to have inbound/outbound to the web only, as a "Hot Spot" application.
-
Yeah, what does that have to do with users talking to each other? You want client isolation, i.e. keep all users on 192.168.x.0/24 from talking to each other - that are wired??
So for example pfSense is 192.168.1.1, and client A is 192.168.1.2 with a gateway of 192.168.1.1 (pfSense) and DNS of pfSense 192.168.1.1 as well… And you have client B that is 192.168.1.3 with all the same settings. And you don't want 192.168.1.2 talking to 192.168.1.3??
And they are wired to some switch - or are they connected via wireless.. Is pfSense the wireless AP, or is some other AP providing wireless that is connected to your 192.168.1.0/24 network?
edit: Dude, I just noticed you're not the OP -- Create your own thread, your question has nothing to do with the OP's multi-segmented network.
-
Gee!!!! Sorry to offend you!!!
But the original thread is what started this thought and topic!! My Censorious Apologies to have Offended You!!
-
You didn't offend me.. It's just that your request is not related to the OP's topic in the slightest, from what I can make out.
-
But I'm looking for a solution like a normal router where port 80 is blocked outside -> inside and opens up when inside -> outside, and can return data when this connection is made. So it actually works as a normal router.
This is what I was basing my inquiries on!
-
From the original post…
We have been using pfSense for about +-3 years.
We have a small number of installs..
I have not been an active member of the forum.
Our past admin person for pfs has moved on.
I am tired of being 100% dependent on others that are of little integrity!
That is one reason I have taken to the forum to try to learn and catch up.
Been a while since I started on the IBM 029... first.. So please understand I did ask in relation to what I had read.
That is the reason for this forum: to read, possibly glean, and respond, or even dream and imagine a possibility.
-
"Keeping LAN users basically from seeing other local users at the time they are online?"
And how is one supposed to ascertain that from your above statement?
Out of the box pfSense blocks ALL inbound traffic, i.e. the OP's comment, and only allows inbound traffic that is in answer to what a client on the inside of pfSense requested.
If you want to block outbound traffic to specific ports, then block them..
The default rules allow all traffic outbound from the default LAN.. If you want to only allow specific ports, then create allows for the ports you want, then create a block rule. But again, how does that have anything to do with your first statement?
The OP asked this:
"on every vlan. VLAN10 is then able to reach VLAN5 on this port. But i want to close each VLAN down so they cant access each other but still have access to the internet?" And I showed him how to accomplish that.. Are you asking a question or trying to provide a solution to the OP? Because it's not clear.. And it's not possible to block users on the same segment that is connected to pfSense from talking to each other.. Since pfSense is a gateway off that segment, it is not between every device on the network.. Devices only talk to pfSense when they need to get off the segment, not when talking to other devices on the same segment.. And the OP never even asked that question - he clearly has multiple segments, from his VLAN 5 and VLAN 10 comment.
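The rule logic argued over in this thread (the "pass to ! locals" rule per VLAN, the implicit default deny, reply traffic getting back in only because of state, a hotspot-style "web only then block" rule set, and pfSense never seeing same-segment traffic), as an added example that models it in code. This is not pfSense's own code or configuration; it is a small simulation written for this page. The networks 192.168.1.0/24, 192.168.5.0/24 and 192.168.10.0/24, the interface names, and all addresses and ports in the demo are constructed assumptions, and the model deliberately omits pfSense's default "LAN net to any" allow rule so the effect of each rule is visible.

```python
"""Model of pfSense-style interface rule evaluation (added example, not pfSense code).

Assumptions (constructed for this example, not from the thread):
  * LAN = 192.168.1.0/24, VLAN5 = 192.168.5.0/24, VLAN10 = 192.168.10.0/24
  * rules are evaluated on the interface a packet enters, first match wins,
    and a packet matching no rule is dropped (the implicit default deny)
  * the firewall is stateful: a pass creates a state, and the reply packet is
    accepted on WAN because of that state, not because of any WAN rule
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IFACES = {
    "lan":    ip_network("192.168.1.0/24"),
    "vlan5":  ip_network("192.168.5.0/24"),
    "vlan10": ip_network("192.168.10.0/24"),
}
# The "locals" alias from the thread: every local segment, used inverted ("! locals").
ALIASES = {"locals": list(IFACES.values())}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    sport: int = 40000
    dport: int = 80


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    dst: str = "any"            # "any", an alias name, or "!alias" (inverted match)
    proto: str = "any"
    dports: tuple = ()          # () = any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        if self.dst == "any":
            return True
        invert = self.dst.startswith("!")
        name = self.dst[1:] if invert else self.dst
        in_alias = any(ip_address(pkt.dst) in net for net in ALIASES[name])
        return in_alias != invert


def ingress_interface(pkt: Packet):
    """Interface that first sees the packet, or None if the firewall never does.

    Two hosts on the same segment exchange frames through the switch; the
    gateway is only consulted when the destination is off-segment.
    """
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for name, net in IFACES.items():
        if src in net:
            return None if dst in net else name
    return "wan"


def first_match(rules, pkt: Packet) -> str:
    """Interface rules: top to bottom, first match wins, otherwise implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


class Firewall:
    def __init__(self, iface_rules):
        self.iface_rules = iface_rules   # {iface: [Rule, ...]}; WAN gets no rules
        self.states = set()

    def handle(self, pkt: Packet) -> str:
        iface = ingress_interface(pkt)
        if iface is None:
            return "not seen"
        # A packet answering an existing state is passed without consulting rules.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return "pass (state)"
        verdict = first_match(self.iface_rules.get(iface, []), pkt)
        if verdict == "pass":
            self.states.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


def demo():
    # OP's case: every segment may go anywhere except the other local segments.
    isolated = Firewall({name: [Rule("pass", dst="!locals")] for name in IFACES})
    # Hotspot case: web only, then an explicit block (the implicit deny would do the same).
    hotspot = Firewall({"lan": [Rule("pass", dst="!locals", proto="tcp", dports=(80, 443)),
                                Rule("block")]})
    return {
        "vlan10->vlan5":  isolated.handle(Packet("192.168.10.20", "192.168.5.10")),
        "vlan10->web":    isolated.handle(Packet("192.168.10.20", "203.0.113.80", dport=443)),
        "web reply":      isolated.handle(Packet("203.0.113.80", "192.168.10.20", sport=443, dport=40000)),
        "unsolicited in": isolated.handle(Packet("198.51.100.7", "192.168.10.20", dport=80)),
        "same segment":   isolated.handle(Packet("192.168.1.2", "192.168.1.3")),
        "hotspot ssh":    hotspot.handle(Packet("192.168.1.2", "203.0.113.80", dport=22)),
        "hotspot https":  hotspot.handle(Packet("192.168.1.2", "203.0.113.80", dport=443)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} {verdict}")
```

The "same segment" case is the point johnpoz keeps making: the packet never reaches `handle()`'s rule evaluation because it never reaches the firewall, so no rule can affect it. The "web reply" case is the "normal router" behaviour asked about: WAN has no pass rule at all, and the reply is only let through because the outbound pass created a state.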