Netgate Discussion Forum

    2nd LAN Interface to WAN

      rtracy

      I have a working pfSense firewall in place. I'm trying to add an additional local interface and give it limited access to the LAN and WAN. It's a separate interface for all wireless connections.

      IPv4* WIRELESS net * This Firewall * * none
      Ipv4* WIRELESS net * 192.168.x.x * * none

      I can access the firewall administration page. I can access 192.168.x.x.

      The only way I can access the Internet / WAN is by adding this rule:

      IPv4* WIRELESS net * *  * * none  (As long as "any" is in the destination I have Internet access.)

      Or this rule:

      IPv4* WIRELESS net *  !LAN net * * none (This allows Internet access as well.)

      Anything like this:

      IPv4* WIRELESS net * WAN net or address * * none

      Does not give me Internet access.

      What am I doing wrong?

        viragomann

        Nothing. WAN net is the subnet configured on the WAN interface, not the whole internet. WAN address is the WAN interface address.
        The whole internet is "!(RFC 1918 networks)".

        So add all the addresses you want to permit access to an alias and use this in a pass-rule as dest.
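
The distinction drawn in the answer above, as an added example that is not part of the original posts: it checks sample destinations against each destination setting tried in the thread, and goes one step further by comparing "!LAN net" with "!(RFC 1918 networks)". All addresses are constructed (documentation ranges), the function and rule labels are hypothetical, and it models only the destination match of a single pass rule, not pfSense's rule engine.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
WAN_NET = ipaddress.ip_network("203.0.113.0/24")      # subnet configured on the WAN interface
WAN_ADDRESS = ipaddress.ip_network("203.0.113.10/32")  # the firewall's own WAN IP
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dest_matches(dest, nets, negate=False):
    """True if dest is inside any of nets; negate models the rule's '!' (invert match)."""
    hit = any(ipaddress.ip_address(dest) in net for net in nets)
    return hit != negate

# Destination field of a pass rule on the WIRELESS interface, as tried in the thread.
RULES = {
    "WAN net":     lambda d: dest_matches(d, [WAN_NET]),
    "WAN address": lambda d: dest_matches(d, [WAN_ADDRESS]),
    "!LAN net":    lambda d: dest_matches(d, [LAN_NET], negate=True),
    "!RFC1918":    lambda d: dest_matches(d, RFC1918, negate=True),
    "any":         lambda d: True,
}

# Constructed sample destinations a wireless client might try to reach.
SAMPLES = {
    "internet host":         "198.51.100.7",
    "host in WAN subnet":    "203.0.113.1",
    "LAN host":              "192.168.1.50",
    "other private segment": "10.20.0.5",
}

def passes(rule, dest):
    """Would a pass rule with this destination setting match traffic to dest?"""
    return RULES[rule](dest)

def matrix():
    """Map each rule label to the set of sample destinations it lets through."""
    return {rule: {name for name, ip in SAMPLES.items() if passes(rule, ip)}
            for rule in RULES}

if __name__ == "__main__":
    for rule, allowed in matrix().items():
        print(f"{rule:12} -> {', '.join(sorted(allowed)) or 'nothing'}")
```

In this model "!LAN net" still matches the other private segment, while "!RFC1918" matches only the public destinations.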

          rtracy

          Thanks for your help!

          @viragomann:

          Nothing. WAN net is the subnet configured on the WAN interface, not the whole internet. WAN address is the WAN interface address.
          The whole internet is "!(RFC 1918 networks)".

          So add all the addresses you want to permit access to an alias and use this in a pass-rule as dest.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.