Public CARP and private WAN IP addresses, how to build firewall rules for internet access



  • Hi,

    In my environment I have two pfSense boxes:
    box 1:
    wan: 172.30.0.1/30
    gw: 80.123.89.9
    carp: 80.123.89.10/30

    box 2:
    wan: 172.30.0.1/30
    gw: 80.123.89.9
    carp: 80.123.89.10/30

    My question is, how can I configure the firewall rules to give a network access to the internet and block access to other interfaces/networks, like a DMZ?

    With a rule set to any - any and pass I can reach the internet, but with a rule set to any - WAN net and pass I can't access the internet.

    Thanks for advice!



  • I figured out that this is working for my purposes:

    [Screenshot attachment: 0_1550683040826_20-02-_2019_18-16-44.jpg]

    But do I always need a block rule for all other interfaces? Is there nothing similar to an implicit deny rule? (Like I see on a FortiGate.)
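
An added illustration, not part of the thread and not a pfSense configuration: a small Python model of how rules on the DMZ interface tab are evaluated (first match wins, unmatched traffic hits the default deny), showing why "any - WAN net" does not reach the internet and why a pass-to-any rule needs a block rule above it. Only the WAN subnet comes from the posts above; the DMZ/LAN subnets, the destination addresses and the third rule set are constructed assumptions, and rules are reduced to their destination field.

```python
import ipaddress

# WAN_NET is derived from the thread (wan: 172.30.0.1/30). "WAN net" in a
# rule means this subnet only, not "everything reachable through WAN".
WAN_NET = ipaddress.ip_network("172.30.0.0/30")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed internal network
ANY = ipaddress.ip_network("0.0.0.0/0")

def evaluate(rules, dst):
    """Evaluate rules top-down for traffic entering the DMZ interface.

    The first rule whose destination matches decides the packet. If no rule
    matches, the packet is dropped by the default deny.
    """
    addr = ipaddress.ip_address(dst)
    for action, dst_net in rules:
        if addr in dst_net:
            return action
    return "block"  # default deny: nothing on the tab matched

# Constructed rule sets as (action, destination) pairs, in tab order.
RULESETS = {
    "pass any -> any": [("pass", ANY)],
    "pass any -> WAN net": [("pass", WAN_NET)],
    "block -> LAN net, then pass -> any": [("block", LAN_NET), ("pass", ANY)],
}

# Constructed destinations (203.0.113.0/24 is a documentation range).
DESTINATIONS = {
    "internet host": "203.0.113.10",
    "LAN host": "192.168.1.20",
    "WAN subnet peer": "172.30.0.2",
}

def decision_table():
    """Return {ruleset: {destination label: action}} for all combinations."""
    return {
        name: {label: evaluate(rules, ip) for label, ip in DESTINATIONS.items()}
        for name, rules in RULESETS.items()
    }

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:38s} {row}")
```

The default deny only covers traffic that no rule matched, so once a pass rule with destination any exists, internal networks must be excluded by block rules placed above it.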

