Firewall permission problems for internet access



  • Hi folks, this might be a rather unusual setup, but I'm still hoping that someone can give me a hint…

    I've set up pfSense as follows:
    WAN - 10.10.1.2/24 -- gateway 10.10.1.1
    LAN - 10.10.2.1/24
    WLAN - bridged with LAN

    I began by setting the firewall rules to any - any for every interface,
    and I can successfully ping the WLAN/LAN and WAN subnets as well as the external internet.

    But now I want the WLAN network to only be able to access the internet and, with selective rules, allow access to single hosts in the "WAN" network (e.g. host 10.10.1.10).

    To test, I started off by deleting the any-any rule for the WLAN interface and added the following to said interface:
    any -> WLAN subnet
    any -> LAN subnet
    any -> WAN address

    The other interfaces carry on with the any-any rule.

    Now I can ping the hosts in the WLAN and WAN subnets (e.g. ping to host 10.10.1.10 works), but I can't ping my provider's DNS server (ip).

    What I also tried is pinging from the diagnostics menu - WAN interface -> DNS server, which works.
    Somehow the firewall won't quite understand the last rule correctly, or I'm doing something wrong =)

    Could someone give me any hints to get the internet access working? (without having to use the any-any rule) =P

    Thank you in advance  ;D



  • Adding a rule allowing traffic to the WAN address does just that - allows traffic to your WAN IP. You need to change the destination to "any", or not your internal network, or block your other internal subnets before allowing Internet traffic.
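
The rule logic described in the answer above, as an added example that is not part of the original thread and is not pfSense code: a small first-match model of the WLAN interface rules only (no bridge or state handling). The addresses come from the post; `DNS_SERVER`, the host 10.10.1.20 and all function names are constructed for illustration.

```python
import ipaddress

# Addresses from the post; DNS_SERVER is a constructed placeholder (the post elides the IP).
WAN_ADDRESS = "10.10.1.2/32"    # the firewall's own WAN IP, nothing else
WAN_NET = "10.10.1.0/24"
LAN_NET = "10.10.2.0/24"        # WLAN is bridged with LAN, so one subnet covers both
ALLOWED_HOST = "10.10.1.10/32"  # the single WAN-side host WLAN clients may reach
DNS_SERVER = "203.0.113.53"
ANY = "0.0.0.0/0"

def rule(action, dst, negate=False):
    """One interface rule: action, destination network, optional inverted match."""
    return (action, ipaddress.ip_network(dst), negate)

def evaluate(rules, dst_ip):
    """First matching rule wins; traffic matching no rule hits the default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for action, net, negate in rules:
        if (ip in net) != negate:
            return action
    return "block"

# Rules as posted: the last one only covers the firewall's WAN IP.
POSTED = [rule("pass", LAN_NET), rule("pass", WAN_ADDRESS)]

# Fix 1: pass the selected host, block the rest of the WAN subnet, then pass any.
BLOCK_THEN_ANY = [
    rule("pass", ALLOWED_HOST),
    rule("pass", LAN_NET),
    rule("block", WAN_NET),
    rule("pass", ANY),
]

# Fix 2: same intent using an inverted destination ("not WAN subnet").
NOT_INTERNAL = [
    rule("pass", ALLOWED_HOST),
    rule("pass", LAN_NET),
    rule("pass", WAN_NET, negate=True),
]

def decisions(rules):
    """Verdicts for: internet DNS server, allowed WAN host, another WAN host."""
    return [evaluate(rules, ip) for ip in (DNS_SERVER, "10.10.1.10", "10.10.1.20")]

if __name__ == "__main__":
    print("posted, DNS server: ", evaluate(POSTED, DNS_SERVER))
    print("posted, WAN address:", evaluate(POSTED, "10.10.1.2"))
    for name, rs in (("block-then-any", BLOCK_THEN_ANY), ("not-internal", NOT_INTERNAL)):
        print(f"{name}: {decisions(rs)}")
```

In both corrected rule sets the selective pass rule sits above the block or inverted rule, because the first match decides.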

