Block traffic from opt1 to lan but allow to wan



  • I have three interfaces in pfSense: LAN, WAN and OPT1.

    I want to let opt1 access the internet (wan) but not be able to access hosts in LAN.

    I created these rules in opt1 but hosts in opt1 can 'see' the hosts in LAN.

    If I change the first rule to anything else, internet stops working in opt1

    What am I missing here?

    EDIT: I FOUND:

    It happens only when I enable squid. The point is that I need squid to be enabled, so how can I block opt1 squid(ers) from accessing lan hosts?



  • @tchadrack:

    I have three interfaces in pfSense: LAN, WAN and OPT1.

    I want to let opt1 access the internet (wan) but not be able to access hosts in LAN.

    I created these rules in opt1 but hosts in opt1 can 'see' the hosts in LAN.

    If I change the first rule to anything else, internet stops working in opt1

    What am I missing here?

    EDIT: I FOUND:

    It happens only when I enable squid. The point is that I need squid to be enabled, so how can I block opt1 squid(ers) from accessing lan hosts?

    Ok, I've found the solution again, I needed to use this configuration:

    Bypass Proxy for These Destination IPs : 192.168.1.0/24

    Then, proxy is bypassed, and the firewall rules do not allow the lan hosts.
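
Added example, not part of the original posts: the bypass setting above keeps LAN-bound traffic away from Squid, and a Squid ACL can additionally refuse any request from OPT1 that is still handed to the proxy for a LAN destination. Assumptions: `10.10.10.0/24` is a constructed placeholder for the OPT1 subnet, the ACL names are hypothetical, and the directives are placed so that Squid evaluates them before any `http_access allow` line that matches OPT1 clients.

```conf
# Added example; not configuration taken from the thread.
# 192.168.1.0/24 is the LAN subnet quoted in the post above.
# 10.10.10.0/24 is a constructed placeholder: replace it with the real OPT1 subnet.
acl opt1_clients src 10.10.10.0/24
acl lan_hosts dst 192.168.1.0/24

# Both ACLs on one line are ANDed: the request is denied only when it comes
# from OPT1 and its destination resolves into the LAN subnet.
# http_access rules are evaluated top-down and the first match wins, so this
# line has to precede the allow rule that lets OPT1 clients use the proxy.
http_access deny opt1_clients lan_hosts
```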

