Q: How allow single IP



  • I use pfsense 2.3.2 with opendns, and I follow steps at this topic https://forum.pfsense.org/index.php?topic=112288.0
    Now I need allow single IP to access all site.
    How can do it



  • Do you mean you need just a single external IP needs to access all sites you're hosting behind your firewall, or that you need a single IP on your LAN to have access to all sites on the internet? The first option requires you to create a port-forward to each of your internal hosts which serve your sites. The second option (simpler) is a straightforward allow rule with source IP the LAN address of your allowed host, with a block rule set just after that.



  • @muswellhillbilly:

    Do you mean you need just a single external IP needs to access all sites you're hosting behind your firewall, or that you need a single IP on your LAN to have access to all sites on the internet? The first option requires you to create a port-forward to each of your internal hosts which serve your sites. The second option (simpler) is a straightforward allow rule with source IP the LAN address of your allowed host, with a block rule set just after that.

    Thanks muswellhillbilly for reply

    Yes I need option 2: IP form LAN can access all sites on the internet.

    Another Q: I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

    Also I need easy way to block Hotspot Shield and Ultrasurf

    Attach pic from rule




  • To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.



  • @mauroman33:

    To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.

    When I disabled the final two rule all user can't access any site on the internet, only the user have rule pass can access.
    I need all user access the internet with restriction "opendns" rule and  only user such as pass rule (192.168.1.101) can reach any site Internet.

    Also need some answer for this questions:

    Q: I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

    Also I need easy way to block Hotspot Shield and Ultrasurf



  • @ahmadhassan:

    @mauroman33:

    To prevent IPs other than the one in the second pass rule (192.168.1.101) can reach Internet, you should disable the final two pass rules present in your list.

    When I disabled the final two rule all user can't access any site on the internet, only the user have rule pass can access.
    I need all user access the internet with restriction "opendns" rule and  only user such as pass rule (192.168.1.101) can reach any site Internet.

    Sorry, I had misunderstood your question.
    If you want to allow to that specific IP to bypass the preconfigured pfSense DNS by changing its local DNS, you should add another rule at the top.

    ![DNS rules.png](/public/imported_attachments/1/DNS rules.png)
    ![DNS rules.png_thumb](/public/imported_attachments/1/DNS rules.png_thumb)



  • Sorry, I had misunderstood your question.
    If you want to allow to that specific IP to bypass the preconfigured pfSense DNS by changing its local DNS, you should add another rule at the top.

    I already add pass rule add top if you look attach in post no. 3, but can't open Facebook such as.

    And if you have answer for this questions:

    I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

    Also I need easy way to block Hotspot Shield and Ultrasurf



  • @ahmadhassan:

    I already add pass rule add top if you look attach in post no. 3, but can't open Facebook such as.

    And if you have answer for this questions:

    I have Static IP in my network put at DVR and Server to can I access for this static plug direct third cable from router to switch, for any reason "power failure" first PC in network open get static IP and make problem. resolve when restart switch or restart all PC in network. "How can resolve automatic this problem"

    Also I need easy way to block Hotspot Shield and Ultrasurf

    You're right, there is already the pass rule…  :o
    I tried it and it works for me, it might be because I'm not using a dynamic dns with web filtering as OpenDNS.
    I'm sorry but I don't know how to bypass it and I cannot help you with your other question.



  • @mauroman33:

    You're right, there is already the pass rule…  :o
    I tried it and it works for me, it might be because I'm not using a dynamic dns with web filtering as OpenDNS.
    I'm sorry but I don't know how to bypass it and I cannot help you with your other question.

    Thanks, but I use static IP for opendns