Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How could I block NAT or routing from users of my LAN

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    3 Posts 2 Posters 748 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sparrow_bk
      last edited by

      Hello friends, I have a problem in my LAN. The users are using to much the hotspot tehering for a WAN connection that is far from be fast, almost compare to an ADSL connection of 2Mbps for more than 20 users. I need to control this situation, I have investigated about this and found that Mikrotik use rules that prevent this by changing the ttl to 1 (TTL=1). This solution avoid the use of routers or another L3 equipment inside the LAN of the pfsense.
      My question is: Can I do the same using my pfsense firewall? I mean, would I be able to use a mangle packet filtering to change the TTL for this specific situation?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • S
          sparrow_bk
          last edited by

          @johnpoz:

          Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as will with a limiter.

          They are not going to the outbound directly, they are managed by el proxy server wich have full access to the WAN interface of the pfsense (www). I do not want to block them at all, I just want to know whem an user is using NAT before enter to the infraestructure.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.