Home Lab configuration: block clients from accessing routable networks
-
Hi all,
New here, new to pfSense.
I have a virtualized pfSense VM with two interfaces: WAN and LAN. The WAN interface is connected to my home network 192.168.0.0/24 while LAN is connected to 10.0.0.0/24, dedicated to the other VMs.
My goal is very simple (at least in my mind): the VMs in the LAN network should be blocked from accessing the internet. Any other traffic between my home network devices on the 192.168.0.0 and the VMs on 10.0.0.0 should be allowed.
So I thought about configuring a few rules:
BLOCK - LAN interface - source ANY - destination NOT 192.168.0.0/24 and NOT 10.0.0.0/24
I hoped that this way any traffic generated on the LAN interface and destined to the internets would be blocked. But it is not so. After applying this rule I can still ping the internets from my VM in 10.0.0.0/24.
Any idea of what I'm doing wrong?
Many thanks
-
Where did you put the rule? It needs to be above other rules that would allow.
Also curious, are you NATing from your LAN to your WAN? If you're wanting to use pfSense as router/firewall between your RFC1918 networks there is no reason to NAT. But out of the box pfSense would NAT. What did you use for the protocol on your block rule? The default when you create a new rule is TCP, which would allow ICMP.
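
The two points raised in the reply above (where the block rule sits and which protocol it is set to), as an added example that is not part of the original thread: a simplified Python model of top-down, first-match rule evaluation. The rule records, the `evaluate` function, the allow-all rule and the sample addresses are constructed for illustration; this is not pfSense code or configuration.

```python
from ipaddress import ip_address, ip_network

# Networks from the thread, grouped like an alias of "local" destinations.
LOCAL_NETS = [ip_network("192.168.0.0/24"), ip_network("10.0.0.0/24")]

def rule(action, proto, dst_not_local=False):
    """Constructed rule record; proto "any" matches every protocol."""
    return {"action": action, "proto": proto, "dst_not_local": dst_not_local}

def is_local(dst):
    return any(ip_address(dst) in net for net in LOCAL_NETS)

def evaluate(rules, proto, dst):
    """Walk the rules top to bottom; the first match decides."""
    for r in rules:
        if r["proto"] not in ("any", proto):
            continue  # protocol does not match, try the next rule
        if r["dst_not_local"] and is_local(dst):
            continue  # rule only covers non-local destinations
        return r["action"]
    return "block"  # nothing matched: default deny

ALLOW_ANY = rule("pass", "any")  # assumed allow-all rule on LAN
BLOCK_TCP = rule("block", "tcp", dst_not_local=True)  # protocol left at TCP
BLOCK_ANY = rule("block", "any", dst_not_local=True)  # protocol set to any

INTERNET = "198.51.100.7"  # constructed address (documentation range)
HOME = "192.168.0.20"      # constructed host on the home network

def demo():
    return {
        "tcp_rule_ping_internet": evaluate([BLOCK_TCP, ALLOW_ANY], "icmp", INTERNET),
        "tcp_rule_web_internet": evaluate([BLOCK_TCP, ALLOW_ANY], "tcp", INTERNET),
        "any_rule_ping_internet": evaluate([BLOCK_ANY, ALLOW_ANY], "icmp", INTERNET),
        "any_rule_ping_home": evaluate([BLOCK_ANY, ALLOW_ANY], "icmp", HOME),
        "block_below_allow": evaluate([ALLOW_ANY, BLOCK_ANY], "icmp", INTERNET),
    }

if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case}: {action}")
```

A ping only counts as a valid test of the block rule once the rule's protocol covers ICMP and the rule sits above any rule that would pass the same traffic.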