PFSENSE with 1 wan and multiple LAN
-
What is 192.168.1.21? Is it your DNS server? If it is, you'll never hit that firewall rule, as the traffic is blocked by the first rule to 192.168.1.0/24.
Firewall rules are read from the top down.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
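Added example, not part of the original thread: a small first-match evaluator that shows why a rule for 192.168.1.21 placed below a block to 192.168.1.0/24 is never reached. The rule sets, the DNS port and the names `Rule`, `evaluate` and `shadowed` are assumptions made for illustration; source address, protocol and interface are ignored.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    dst: str                    # destination CIDR, or "any"
    port: Optional[int] = None  # destination port, None = any port

    @property
    def net(self):
        return ANY if self.dst == "any" else ipaddress.ip_network(self.dst)

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return b.net.subnet_of(a.net) and (a.port is None or a.port == b.port)

def evaluate(rules, dst_ip, port):
    """Top-down, first matching rule wins; no match means default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if ip in r.net and (r.port is None or r.port == port):
            return r.action, i
    return "block", None

def shadowed(rules):
    """(later, earlier) index pairs where the later rule can never match."""
    out = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                out.append((j, i))
                break
    return out

# Constructed rule sets (assumed: 192.168.1.21 is a DNS server on port 53).
AS_POSTED = [Rule("block", "192.168.1.0/24"),
             Rule("pass", "192.168.1.21", 53),
             Rule("pass", "any")]
REORDERED = [Rule("pass", "192.168.1.21", 53),
             Rule("block", "192.168.1.0/24"),
             Rule("pass", "any")]

if __name__ == "__main__":
    print("shadowed as posted:", shadowed(AS_POSTED))
    print("DNS as posted:", evaluate(AS_POSTED, "192.168.1.21", 53))
    print("DNS reordered:", evaluate(REORDERED, "192.168.1.21", 53))
```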
-
-
Maybe you also want to allow NTP.
It's sort of how I do it, but I have an alias that contains the subnets I don't want to be accessed and use that in the block rule and have it log.
I also just use "This Firewall" rather than a specific interface and I also have a block any any at the bottom and have that set to log.
-
How will I allow NTP?
Can you help with the rule?
-
-
-
I did this, is that correct?
Also something more tricky: on the same physical server where the pfSense VM runs I have several more VMs that I would like to join to my network (LAN or OPT1 depending on the VM).
How can I do that?
Thanks again for the help.
The destination is any which will work.
I run NTP on my router and allow NTP only to This Firewall.
Re "Also something more tricky: on the same physical server where the pfSense VM runs I have several more VMs that I would like to join to my network (LAN or OPT1 depending on the VM)": not got a clue, sorry, I don't run Proxmox.
-
OK, and a final question. I would like to access the LAN network when I am not at home (office or vacations).
How will I achieve that? I guess with a VPN; can you give me some resources to read on how to do that?
Also, can I allow a specific device from OPT1 to have full access to LAN and pfSense? I have an iPad connected via Wi-Fi from OPT1 and I would like to manage some of my servers that are currently on LAN.
The iPad gets an address from OPT1 DHCP; can I create a MAC address rule to access LAN only from my iPad regardless of the IP it has?
-
https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
"Also, can I allow a specific device from OPT1 to have full access to LAN and pfSense? I have an iPad connected via Wi-Fi from OPT1 and I would like to manage some of my servers that are currently on LAN.
The iPad gets an address from OPT1 DHCP; can I create a MAC address rule to access LAN only from my iPad regardless of the IP it has?"
You'll need to do a MAC address reservation in the DHCP settings for the iPad and allow that IP address; you can't do firewall rules with MAC addresses.
-
Thank you very much for the info!
I forgot to mention that my ISP does not provide me a static IP. If I use a DDNS service, will I be able to do a VPN? At the certificate creation, can I use the DDNS domain instead of an IP?
Do I have to consider something else with a DDNS configuration?
Thanks again!
-
Yes. Use the exact hostname the remote users will be connecting to as the CN and an FQDN or Hostname SAN in the certificate you create for the VPN Server.
Set My Identifier in the VPN Phase 1 to Distinguished name and use the exact hostname there too.
-
Thank you very much sir!
I have a few connectivity issues with the internet. A couple of times every day, for several minutes, I don't have internet access. I don't know if it is a down DSL service, a rule or something else; I just don't have internet on my devices for a few minutes. How can I troubleshoot this problem? Where do I search in order to figure out what's happening?
Thanks in advance again!
-
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting