Firewall permission problems for internet access



  • Hi folks, this might be a rather unusual setup, but still I'm hoping that someone can give me a hint…

    I've set up pfSense as follows:
    WAN - 10.10.1.2/24 -- gateway 10.10.1.1
    LAN - 10.10.2.1/24
    WLAN - bridged with LAN

    I began with setting the firewall rules to any - any for every interface
    and I can successfully ping the WLAN/LAN and WAN subnet as well as the external internet

    but now I want the WLAN network to only be able to access the internet and, with selective rules, allow access to single hosts in the "WAN" network (e.g. host 10.10.1.10)

    to test, I started off deleting the any-any rule for the WLAN interface and added the following to the said interface:
    any -> WLAN subnet
    any -> LAN subnet
    any -> WAN address

    the other interfaces carry on with the any-any rule

    now I can ping the hosts in the WLAN and WAN subnet (e.g. ping to host 10.10.1.10 works) but I can't ping my provider's DNS server (ip)

    what I also tried is pinging from the diagnostics menu - WAN interface -> DNS server, which works
    somehow the firewall won't quite understand the last rule correctly, or I'm doing something wrong =)

    could someone give me any hints to get the internet access working? (without having to use the any-any rule) =P

    thank you in advance  ;D



  • Adding a rule allowing traffic to the WAN address does just that - allows traffic to your WAN IP. You need to change the destination to "any", or not your internal network, or block your other internal subnets before allowing Internet traffic.
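The reply above, worked through as an added example that is not part of the original thread: a small Python model of first-match, default-deny rule evaluation on the WLAN interface, using the addresses from the question. The address 203.0.113.53 is a constructed stand-in for the provider's DNS server, and the rule lists and the `evaluate` helper are illustrative assumptions, not pfSense configuration syntax.

```python
import ipaddress

# Addresses from the question. "WAN address" means only the firewall's own WAN IP.
WAN_ADDRESS = "10.10.1.2/32"
WAN_SUBNET = "10.10.1.0/24"
LAN_SUBNET = "10.10.2.0/24"        # WLAN is bridged with LAN, so it shares this subnet
ALLOWED_WAN_HOST = "10.10.1.10/32"  # the single host the poster wants reachable
ANY = "0.0.0.0/0"
DNS_SERVER = "203.0.113.53"         # constructed placeholder for the provider's DNS server


def evaluate(rules, dst):
    """Return the action of the first rule whose destination contains dst.

    Rules are (action, destination network) pairs checked top to bottom;
    traffic that matches no rule is blocked (default deny).
    """
    addr = ipaddress.ip_address(dst)
    for action, dest in rules:
        if addr in ipaddress.ip_network(dest):
            return action
    return "block"


# Rules as listed in the question: nothing here covers an internet destination.
ORIGINAL = [
    ("pass", LAN_SUBNET),
    ("pass", WAN_ADDRESS),
]

# Ordering suggested in the reply: allow the selected host, block the rest of
# the internal WAN-side subnet, then allow everything else (the internet).
FIXED = [
    ("pass", LAN_SUBNET),
    ("pass", ALLOWED_WAN_HOST),
    ("block", WAN_SUBNET),
    ("pass", ANY),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for dst in (DNS_SERVER, "10.10.1.10", "10.10.1.20", "10.10.1.2"):
            print(f"{name:8} WLAN -> {dst:13} {evaluate(rules, dst)}")
```

Order matters in the fixed list: if the pass-to-any rule sat above the block rule, every host in 10.10.1.0/24 would be reachable from WLAN.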

