3. How could I block NAT or routing from users of my LAN

How could I block NAT or routing from users of my LAN

  • S

    Hello friends, I have a problem in my LAN. The users are using to much the hotspot tehering for a WAN connection that is far from be fast, almost compare to an ADSL connection of 2Mbps for more than 20 users. I need to control this situation, I have investigated about this and found that Mikrotik use rules that prevent this by changing the ttl to 1 (TTL=1). This solution avoid the use of routers or another L3 equipment inside the LAN of the pfsense.
    My question is: Can I do the same using my pfsense firewall? I mean, would I be able to use a mangle packet filtering to change the TTL for this specific situation?

    0
  • LAYER 8 Global Moderator

    Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.

    0
  • S

    @johnpoz:

    Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.

    They are not going to the outbound directly, they are managed by el proxy server wich have full access to the WAN interface of the pfsense (www). I do not want to block them at all, I just want to know whem an user is using NAT before enter to the infraestructure.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy