Allow 1 Opt1 device to access 1 LAN device?
-
HI all. Seriously lovin the pfSense software so far, and would like assistance with an issue.
My goal:
- allow FireTv to access the shares on PC3
- prevent all other devices on Opt1 from reaching anything on LAN
Is this possible given my current layout?
Is there a better layout to achieve this goal?I have so much to learn!
Thanks.. -
Of course it's possible. It's easy. And your layout is fine. There are many ways to do things and no one way is necessarily best.
-
Yup that is very common and only a couple of rules on opt1 interface
-
Thanks, it's nice to know that It can be done. All attempts have failed thus far tho.
My latest was this:
I don't know for sure if the DNS rules should be there for WiFi, and disabled them for now.
-
@dave07 How do you want to access the shares on PC3 from FireTV?
The rule allows access to them but
- if it's a Windows PC you have to enable access from devices other that it's own subnet (Windows firewall settings)
- network shares will not be visible in FireTV Apps like VLC etc (different broadcast domain) but accessible, e.g. doesn't pop up in network neighbourhood.
DNS uses TCP and UDP on p53.
If you have DNS Resolver or Forwarder configured to server your WiFi net then destination should be "WiFi net" rather than "LAN net".Your last rule "allow anywhere but LAN" is perfectly fine and I sometimes use it myself this way.
Others prefer to make this two rules to be more obvious:
-first block access to LAN
-then allow traffic to *
With your amount of rules I am confident it will not give you headaches in the future understanding what you configured. Just saying. -
jahonix, thank you for all of those tips. I appreciate it greatly!
"How do you want to access the shares on PC3 from FireTV?"
FireTV has Kodi installed. Kodi is using SMB to access PC3 media.
This works flawlessly when on the same subnet.I've edited the Windows Firewall on PC3 as you mentioned. Another help
topic said to edit SMB-in, so I hope that's what you're referring to.
I tried two things, one at a time:
192.168.20.109
192.168.20.0/24
Still won't connect. Anything else I can try here?
-
Turn the Windows firewall OFF for testing. Once everything is working, then you can worry about locking it down. Can you ping 10.103 from 20.109, assuming it has any network tools? Modify your rule to allow 20.101 and then try pinging from your laptop.
-
Thank you for those suggestions KOM. Unfortunately, disabling the firewall on the media server did not alleviate this issue. After putting this entire project on back-burner for some days, I then reconfigured Kodi from scratch and it can now see the media server on the other subnet. Yay :)
Moderator - please mark this as solved
-
You can edit the thread title and add solved to it if you so desire.. The time it took you to ask me to do it, you could of done it yourself faster ;)
