Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Q: How allow single IP

    Firewalling
    3
    9
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ahmadhassan
      last edited by

      I use pfsense 2.3.2 with opendns, and I follow steps at this topic https://forum.pfsense.org/index.php?topic=112288.0
      Now I need allow single IP to access all site.
      How can do it

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        Do you mean you need just a single external IP needs to access all sites you're hosting behind your firewall, or that you need a single IP on your LAN to have access to all sites on the internet? The first option requires you to create a port-forward to each of your internal hosts which serve your sites. The second option (simpler) is a straightforward allow rule with source IP the LAN address of your allowed host, with a block rule set just after that.

        1 Reply Last reply Reply Quote 0
        • A
          ahmadhassan
          last edited by

          @muswellhillbilly:

          Do you mean you need just a single external IP needs to access all sites you're hosting behind your firewall, or that you need a single IP on your LAN to have access to all sites on the internet? The first option requires you to create a port-forward to each of your internal hosts which serve your sites. The second option (simpler) is a straightforward allow rule with source IP the LAN address of your allowed host, with a block rule set just after that.

          Thanks muswellhillbilly for reply

          Yes I need option 2: IP form LAN can access all sites on the internet.

          Another Q: I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

          Also I need easy way to block Hotspot Shield and Ultrasurf

          Attach pic from rule

          asdasd.JPG_thumb
          asdasd.JPG

          1 Reply Last reply Reply Quote 0
          • M
            mauroman33
            last edited by

            To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.

            1 Reply Last reply Reply Quote 0
            • A
              ahmadhassan
              last edited by

              @mauroman33:

              To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.

              When I disabled the final two rule all user can't access any site on the internet, only the user have rule pass can access.
              I need all user access the internet with restriction "opendns" rule and  only user such as pass rule (192.168.1.101) can reach any site Internet.

              Also need some answer for this questions:

              Q: I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

              Also I need easy way to block Hotspot Shield and Ultrasurf

              1 Reply Last reply Reply Quote 0
              • M
                mauroman33
                last edited by

                @ahmadhassan:

                @mauroman33:

                To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.

                When I disabled the final two rule all user can't access any site on the internet, only the user have rule pass can access.
                I need all user access the internet with restriction "opendns" rule and  only user such as pass rule (192.168.1.101) can reach any site Internet.

                Sorry, I had misunderstood your question.
                If you want to allow to that specific IP to bypass the preconfigured pfSense DNS by changing its local DNS, you should add another rule at the top.

                ![DNS rules.png](/public/imported_attachments/1/DNS rules.png)
                ![DNS rules.png_thumb](/public/imported_attachments/1/DNS rules.png_thumb)

                1 Reply Last reply Reply Quote 0
                • A
                  ahmadhassan
                  last edited by

                  Sorry, I had misunderstood your question.
                  If you want to allow to that specific IP to bypass the preconfigured pfSense DNS by changing its local DNS, you should add another rule at the top.

                  I already add pass rule add top if you look attach in post no. 3, but can't open Facebook such as.

                  And if you have answer for this questions:

                  I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

                  Also I need easy way to block Hotspot Shield and Ultrasurf

                  1 Reply Last reply Reply Quote 0
                  • M
                    mauroman33
                    last edited by

                    @ahmadhassan:

                    I already add pass rule add top if you look attach in post no. 3, but can't open Facebook such as.

                    And if you have answer for this questions:

                    I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

                    Also I need easy way to block Hotspot Shield and Ultrasurf

                    You're right, there is already the pass rule…  :o
                    I tried it and it works for me, it might be because I'm not using a dynamic dns with web filtering as OpenDNS.
                    I'm sorry but I don't know how to bypass it and I cannot help you with your other question.

                    1 Reply Last reply Reply Quote 0
                    • A
                      ahmadhassan
                      last edited by

                      @mauroman33:

                      You're right, there is already the pass rule…  :o
                      I tried it and it works for me, it might be because I'm not using a dynamic dns with web filtering as OpenDNS.
                      I'm sorry but I don't know how to bypass it and I cannot help you with your other question.

                      Thanks, but I use static IP for opendns

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.