Block all traffic, but still allow certain services between LANs
-
Hi
I have configured my pfSense box to have two LANs. One is for server/office use and the other is for the home network that has Wifi.
Since I from time to time have friends come to my house, they will also use the network, but I do not want them to access the server/office network. I have achieved this by making the default allow rule only allow traffic that is not destined for an RFC1918 network. However, since I have DNS services running on two servers, I would still like to have this working, so I created a second allow rule that allows traffic from the home network to the two IP addresses on the server/office network, but when I want to resolve DNS, it denies the access, although the new rule is placed above the first rule. But internet traffic like ping to 8.8.8.8 still works. How would I accomplish completely blocking communication between these two networks, while still keeping access to the DNS servers?
-
Since I can't see your rules, I can't be more specific, but it sounds like you have done one or more of:
- rules in the wrong order
- rule in the wrong direction/wrong interface
- coded the rule incorrectly
Put your allow rule above your RFC1918 block rule. My best guess:
INTERFACE: GUESTLAN
PROTO: TCP/UDP PASS source: GUESTLAN port: any destination: yourserver port: DNS (53)
You can also put either a PASS or BLOCK all rule at the end of the GUESTLAN with logging on. If you pick Block, you can use the "QUICK RULE" in the log to give you some help with coding the rule.
Have a look at this: https://forum.pfsense.org/index.php?topic=126866.msg701462#msg701462
It's not complete, but it is something that I have been working on to help make the rules easier to visualize.
Let me know if it helps, or ask a question if you need clarification. Good luck!
-
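The following is an added example, not code from the thread or from pfSense itself. It models how pfSense evaluates the rules on an interface tab (top to bottom, first match wins, implicit deny if nothing matches) and runs three constructed rulesets through it: the order the answer recommends, and two of the mistakes the answer lists (port 53 entered as the source port instead of the destination port, and an explicit RFC1918 block placed above the DNS allow). The network addresses, the two DNS server IPs and the packets are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed addressing for the example (assumption, not from the thread).
GUEST_LAN = ipaddress.ip_network("192.168.2.0/24")      # home/Wifi network
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")     # server/office network
DNS_SERVERS = [ipaddress.ip_network("192.168.1.10/32"),
               ipaddress.ip_network("192.168.1.11/32")]
# Equivalent of a pfSense alias covering the RFC1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    proto: str          # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass
class Rule:
    action: str                                  # "pass" or "block"
    protos: frozenset = frozenset()              # empty = any; {"tcp","udp"} = pfSense "TCP/UDP"
    src: list = field(default_factory=list)      # networks; empty = any
    dst: list = field(default_factory=list)      # networks; empty = any
    dst_invert: bool = False                     # pfSense "Invert match" on destination
    sport: Optional[int] = None                  # None = any (the pfSense default)
    dport: Optional[int] = None
    descr: str = ""


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def matches(rule, pkt):
    """True if every field of the rule accepts the packet."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if rule.protos and pkt.proto not in rule.protos:
        return False
    if rule.src and not _in_any(src, rule.src):
        return False
    if rule.dst and _in_any(dst, rule.dst) == rule.dst_invert:
        return False   # normal rule: dst must be inside; inverted rule: dst must be outside
    if rule.sport is not None and pkt.sport != rule.sport:
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return True


def evaluate(rules, pkt):
    """First-match evaluation, as pfSense does for interface-tab rules (all 'quick').
    Returns (action, index of matching rule, description); index -1 = implicit default deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i, rule.descr
    return "block", -1, "implicit default deny"


TCP_UDP = frozenset({"tcp", "udp"})

# Ruleset the answer recommends, top to bottom on the GUESTLAN tab.
GOOD = [
    Rule("pass", TCP_UDP, [GUEST_LAN], DNS_SERVERS, dport=53, descr="DNS to office resolvers"),
    Rule("pass", src=[GUEST_LAN], dst=RFC1918, dst_invert=True, descr="Internet only (dst ! RFC1918)"),
    Rule("block", descr="catch-all, logged"),
]

# Mistake 1 ("coded the rule incorrectly"): port 53 entered as the *source* port.
# A client queries from an ephemeral source port, so this rule never matches.
WRONG_PORT = [Rule("pass", TCP_UDP, [GUEST_LAN], DNS_SERVERS, sport=53,
                   descr="DNS (wrong: source port)")] + GOOD[1:]

# Mistake 2 ("rules in the wrong order"): an explicit RFC1918 block placed
# above the DNS allow. First match wins, so the allow is never reached.
WRONG_ORDER = [
    Rule("block", src=[GUEST_LAN], dst=RFC1918, descr="block private networks"),
    GOOD[0],
    Rule("pass", src=[GUEST_LAN], descr="allow the rest"),
]

# Constructed test packets from a guest client.
DNS_QUERY = Packet("udp", "192.168.2.50", "192.168.1.10", sport=51234, dport=53)
SSH_TO_OFFICE = Packet("tcp", "192.168.2.50", "192.168.1.20", sport=51235, dport=22)
PING_GOOGLE = Packet("icmp", "192.168.2.50", "8.8.8.8")

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("WRONG_PORT", WRONG_PORT), ("WRONG_ORDER", WRONG_ORDER)):
        for pkt in (DNS_QUERY, SSH_TO_OFFICE, PING_GOOGLE):
            action, idx, descr = evaluate(rules, pkt)
            print(f"{name:11} {pkt.proto:4} -> {pkt.dst}:{pkt.dport:<3} {action:5} (rule {idx}: {descr})")
```

With GOOD the DNS query passes on rule 0, SSH into the office network falls through to the logged block, and the ping to 8.8.8.8 passes on the "Internet only" rule, which is exactly the behaviour the asker wants. With WRONG_PORT the same DNS query misses rule 0 (source port is ephemeral, not 53) and is dropped by the catch-all, even though the allow rule sits above everything else; with WRONG_ORDER the block on RFC1918 destinations matches first. Two things the model leaves out: pfSense applies interface-tab rules to traffic entering that interface, so guest-to-office rules belong on the GUESTLAN tab, not on the office LAN tab; and floating rules are evaluated before interface rules and are not first-match unless "Quick" is ticked, so a floating rule can override this ordering.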