LAN > LAN rule question



  • Hello,

    I have created a LAN > LAN rule for testing. I need to block some devices (VoIP phones) from accessing anything other than the PBX. So, experimenting, I created an alias with my phone's IP, and in the LAN interface of pfSense I created a rule to drop traffic from this IP to the PBX. But the phone keeps registering to the PBX.

    Maybe this cannot be done at all?

    Best regards

    Kostas



  • Inter-LAN traffic never hits the firewall.  Your LAN clients talk directly to each other.  If you want to control access like that, put your PBX on a different network interface or VLAN and then use your rules.
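
Added example (not part of the original thread or any poster's reply): a small Python check that flags rules on an interface whose source and destination both sit on that interface's subnet, which is the situation the reply above describes. The rule and alias dictionaries, the addresses, and the function names are constructed for illustration and are not pfSense's configuration format.

```python
import ipaddress

def resolve(value, aliases):
    """Expand a (hypothetical) alias name, or a literal IP/CIDR, into networks."""
    return [ipaddress.ip_network(v, strict=False) for v in aliases.get(value, [value])]

def classify_rule(interface, rule, aliases=None):
    """Classify a rule on `interface` (firewall address with prefix, e.g. 192.168.1.1/24).

    never-evaluated: source and destination share the interface subnet, so the
                     hosts exchange frames directly and the rule is never hit.
    partial:         the destination covers on-link and off-link addresses; only
                     the off-link part reaches the firewall.
    evaluated:       the destination is off-link or the firewall's own address.
    check-source:    the source is not on this interface's subnet.
    Assumes a single address family and a routed (not bridged) interface.
    """
    iface = ipaddress.ip_interface(interface)
    lan = iface.network
    fw = ipaddress.ip_network(str(iface.ip))  # firewall's own address as a host network
    aliases = aliases or {}
    srcs = resolve(rule["src"], aliases)
    dsts = resolve(rule["dst"], aliases)
    if not all(s.subnet_of(lan) for s in srcs):
        return "check-source"
    if all(d.subnet_of(lan) and d != fw for d in dsts):
        return "never-evaluated"
    if any(d.overlaps(lan) and d != fw for d in dsts):
        return "partial"
    return "evaluated"

# Constructed sample data: phones and PBX on the same LAN, then PBX moved to a VLAN.
ALIASES = {
    "phones": ["192.168.1.50", "192.168.1.51"],
    "pbx_lan": ["192.168.1.10"],
    "pbx_vlan": ["10.0.20.10"],
}
RULES = [
    {"name": "block phones to PBX (same LAN)", "src": "phones", "dst": "pbx_lan"},
    {"name": "allow phones to PBX (own VLAN)", "src": "phones", "dst": "pbx_vlan"},
    {"name": "block phones to any", "src": "phones", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for r in RULES:
        print(f'{r["name"]}: {classify_rule("192.168.1.1/24", r, ALIASES)}')
```
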



  • That explains it.

    Thank you very much.

    Best regards

    Kostas


  • LAYER 8 Global Moderator

    Kostas

    Please do not take this the wrong way..  Please, I mean no disrespect, everyone starts someplace… But this question does come up quite a bit, to be honest..  And it makes sense from some home user just playing with pfSense and networking and firewalls.

    But when you're talking a PBX and phones - I am thinking this is some sort of work network?

    If just your home network, then OK.. But in a work environment the trouble I have is how does someone who doesn't understand that LAN traffic would not talk to the gateway to talk to other devices on the same network have access to the firewall and/or PBX and phones?

    Did you inherit the IT position because he quit or is on medical or something.. Did you lie on a resume?

    How is it you are involved in such an endeavor, which, maybe I am assuming wrong, is a work/company network, while lacking basic 101 networking skills?

    You can tell me to F off if you want, but I am truly curious!  If this is just your home network and you're just getting started then such a question makes more sense.



  • No offense taken.

    It's a lab network, but no clear head. Remembered/realized that LAN-to-LAN is done with MAC addresses and the switch and not via the FW.

    Best

    K


  • LAYER 8 Global Moderator

    Ah - so this is not a production setup, you don't work in the field.  You're just playing on a lab..

    Thanks for answering..  If you have any general networking questions, throw them up in the general section and I'll be happy to help..



  • I work in the field. But sometimes I am missing the obvious (the 101).

    Best

    K



  • I'm seeing this more and more where companies try to cut corners by not having qualified staff, and then they expect the smartest "computer guy" to just figure everything out even though that's not his job nor area of expertise.

    No problems, though.  We help everybody.



  • Sure and we (me first) thank you for this.

    However, please don't judge a person's knowledge just from a forum post-question…

    Best regards

    K


  • LAYER 8 Global Moderator

    "However, please don't judge a person's knowledge just from a forum post-question…"

    And while sure people have brain farts.. The best of us do..  Missing such a basic concept to the point you are asking a question on a forum about it.. Sorry but yeah that is going to get you judged ;) Just the way the world works.

