Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to set up different content filtering for different networks using PFSense.

    pfSense Packages
    2
    4
    2245
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      ecadmin last edited by

      Hello!!,

      I am new to PFSense. We recently purchased a PFSense device and would like to configure it to the following network requirements:

      REQUIREMENTS:

      • We have about 20 computers (10 on the 1st Floor, and 10 on the 2nd Floor).
      • The computers on the 1st Floor will have access to the internet (with some filtering controlled by PFSense)
      • The computers on the 2nd Floor will NOT have access to any site on the Internet, but only to some that will be allowed. For example: access only to GMAIL.com, BBC.com, and CNN.com.

      My question is whether PFSense can do this, and if so, how do we need to configure it in order to achieve this goal?

      Thank you for your help.

      Any recommendation or advice is greatly appreciated.

      Sincerely,

      SORBEDOCS.

      1 Reply Last reply Reply Quote 0
      • D
        dvserg last edited by

        If simple NAT internat access, then (for example) add allow firewall rules for 2 floor:

        Allow TCP proto | src IP = '2 floor IP's' port = any | dest IP = 'GMAIL.com, BBC.com, and CNN.com ip's ranges' port = 80
        Allow TCP proto | src IP = '2 floor IP's' port = any | dest IP = 'GMAIL.com, BBC.com, and CNN.com ip's ranges' port = 443
        Deny TCP proto | src IP = '2 floor IP's' port = any | dest IP = any port = 80
        Deny TCP proto | src IP = '2 floor IP's' port = any | dest IP = any port = 443
        And good idea use aliases

        OR
        Use proxy Squid + squidGuard

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • E
          ecadmin last edited by

          DVSERG,

          Thank you for your response.

          I am wondering:

          If I decide to use NAT internet access,

          • can the "2 floor IPs" be changed to a network block (say 192.168.15.0)??, and
          • can the part that comes after the "dest IP =" be changed to a filename?? That is, this file will keep a list of all the websites that are allowed to the 2nd floor.

          Thank you for your help.

          Sincerely,

          SORBEDOCS

          1 Reply Last reply Reply Quote 0
          • D
            dvserg last edited by

            @ecadmin:

            • can the "2 floor IPs" be changed to a network block (say 192.168.15.0)??, and
            • can the part that comes after the "dest IP =" be changed to a filename?? That is, this file will keep a list of all the websites that are allowed to the 2nd floor.
            • Yes, 192.168.15.0/24 for example
            • No, dest IP cant be filename, but possible use aliases

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • First post
              Last post