block traffic between interfaces [Solved]
-
Hi,
I have configured a pfSense firewall with one WAN, one LAN, and one OPT1 interface, and what I noticed is there are no restrictions between the internal interfaces; both networks are communicating, and I want to block communication between these two internal interfaces.
-
one way to do this:
Create an alias for the RFC1918 network ranges. Call it private_networks and include the following ranges:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Create a firewall rule on top of everything on the LAN and on the OPT1 tab with block and destination "Single host or alias" > private_networks
-
Created the rule as per your suggestions but still no luck
-
Seems it's working but lost internet connectivity for both networks
-
do you have a public ip on your wan or is it behind another modem/router with 192.168.x.x network?
-
It's connected through a router; there is no public IP.
Now it's working after changing the rule order for both networks.
But not able to ping own gateway IPs as well.
-
modify the alias to be more specific, put inside only the network you have for the LAN and for the OPT1 interface
-
this is the rule which i have created as per your advice.
-
Alias Internal_default_Addr
-
But not able to ping own gateway IP.
Ex: if my LAN network is 192.168.1.1/24 I am not able to ping 192.168.1.1 from the same network.
-
what addresses do you have in the wan, lan and opt1 interfaces?
another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab
-
WAN configured as DHCP, WAN IP is 192.168.0.8/24.
LAN network: 192.168.1.1/24
OPT1: 192.168.100.1/24
-
maybe it's easier for you: another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab
-
Ok, will check.
What if I want to block all ports between these two networks and allow a specific port for a specific service?
Ex: Assume my FTP server is in the LAN network and I want to allow only that FTP server with the FTP port for the OPT1 network, and all other ports should be blocked.
-
-
@mass said in block traffic between interfaces:
my ftp server is in LAN network and i want to allow only that ftp server with ftp port
for starters set an allow rule for the IP or the alias + port of your ftp server
in front of your block rule ... rules are running top to bottom
brNP
-
@noplan said in block traffic between interfaces:
for starters set an allow rule for the IP or the alias + port of your ftp server
in front of your block rule ...
rules are running top to bottom
brNP
Ok
-
@kiokoman said in block traffic between interfaces:
maybe it's easier for you: another way to do that is to make a block rule with destination "OPT1 net" on the LAN tab and one block rule with destination "LAN net" on the OPT1 tab
Yes, it's working,
Thanks a lot
-
ftp working too?
brNP
-
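To make the two suggestions from this thread (allow rule above the block rule, and "OPT1 net"/"LAN net" as destination instead of an RFC1918 alias) easier to compare, here is the same ruleset written out in pf.conf syntax. This is an added example and not something any poster wrote; pfSense generates its own ruleset from the web GUI, so this is only an illustration of the ordering. The subnets are the ones given in the thread; the interface names em1/em2 and the FTP server address 192.168.1.10 are assumptions.

```pf
# Added example (not from the thread): GUI rules discussed above in pf.conf form.
# Assumptions: interface names em1/em2 and the FTP server address 192.168.1.10.
lan_if  = "em1"            # LAN,  192.168.1.1/24   (from the thread)
opt1_if = "em2"            # OPT1, 192.168.100.1/24 (from the thread)
ftp_srv = "192.168.1.10"   # assumed FTP server on the LAN

# First suggestion in the thread: one alias holding all RFC1918 ranges.
table <private_networks> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# pfSense adds "quick" to every GUI rule, so the first matching rule wins and
# evaluation is top to bottom. Anything that must be permitted goes ABOVE the block.

# 1) Allow OPT1 hosts to reach the FTP control port on the LAN server.
#    Port 21 covers only the control channel; passive-mode data connections use
#    additional ports and would need their own allow rule.
pass in quick on $opt1_if proto tcp from $opt1_if:network to $ftp_srv port 21 flags S/SA keep state

# 2) Let each network still reach its own gateway (the interface address).
#    A block on <private_networks> also matches 192.168.1.1 from the LAN side,
#    which is the "can't ping own gateway" symptom reported above.
pass in quick on $lan_if  from $lan_if:network  to $lan_if
pass in quick on $opt1_if from $opt1_if:network to $opt1_if

# 3a) RFC1918-alias variant, kept here commented out for comparison only.
#     It blocks LAN<->OPT1 but also everything else in private space,
#     including the firewall's own addresses unless rule 2 sits above it.
# block in quick on $lan_if  from any to <private_networks>
# block in quick on $opt1_if from any to <private_networks>

# 3b) The variant that worked: block only the other internal network,
#     i.e. destination "OPT1 net" on the LAN tab and "LAN net" on the OPT1 tab.
block in quick on $lan_if  from any to $opt1_if:network
block in quick on $opt1_if from any to $lan_if:network

# 4) Default allow for everything else (the pfSense default "LAN to any" rule).
pass in quick on $lan_if  from $lan_if:network  to any keep state
pass in quick on $opt1_if from $opt1_if:network to any keep state
```

The order is the whole point: with first-match semantics, moving rule 1 below 3b silently breaks the FTP exception, and omitting rule 2 while using 3a reproduces the gateway-ping problem from earlier in the thread. On a real pfSense box the rules are entered in the Firewall > Rules tabs in the same top-to-bottom order; a quick way to confirm the result is to watch the firewall log for the blocked LAN/OPT1 entries while testing from each side.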