Netgate Discussion Forum
Rule allowing network access isn't working

Category: Firewalling | 8 Posts, 4 Posters, 1.1k Views
sonic369

Currently I have installed a complete firewall, pfSense version 2.4.4-p3.
I know the default rule for LAN allows network access to the internet, but I want my rule to be more specific, so I edited the default rule to:

      • Protocol: IPv4 *
      • Source: LAN net
      • Port: *
      • Destination: WAN net
      • Port: *

But after I edited the default rule, my client can't use Google. Please help me with this problem.

chpalmer

Because you limited your whole LAN to only being able to reach the WAN's net, whatever that is for you.

Yeah, let me rephrase that: you have blocked yourself from reaching the whole rest of the world.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

sonic369 @chpalmer

@chpalmer I think it will be more secure in the LAN.

Derelict (LAYER 8, Netgate)

            If you get this address from your ISP:

            192.0.2.103/24

            And your gateway is 192.0.2.1

And you limit destinations to WAN network, you will only be able to access anything in 192.0.2.0/24.

            WAN network is the subnet of the WAN interface. The internet is Destination any.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

sonic369

Hi everyone,
Today I configured the rule for LAN as in the image below:
[screenshot: a8efd5ff-79a9-4e16-8b71-6812166bec67-image.png]

And I have not yet configured a rule for WAN. But when I use the client to go to the Google website, it works, although I have not yet configured a rule for WAN ????
[screenshot: 9082bbed-0ae9-4631-8b92-22963c3a8e1e-image.png]

[screenshot: 7b8599fe-583f-478c-a8ac-1d47d2464275-image.png]

johnpoz (LAYER 8, Global Moderator)

Why would you think you need a rule on WAN? Rules on WAN are only for unsolicited traffic inbound to your WAN.

When you allow traffic out from your "LAN" or any other network on your LAN side, the state is what allows the return traffic... not a rule you put on WAN.

The only time you need rules on WAN is if you're doing port forwarding, or want to allow something to access a service on your WAN, or pass through to a network behind it if you're actually routing and not NATing.

For example, say you wanted to be able to ping your WAN IP from the internet; then you would need a rule on WAN to allow that.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

Derelict (LAYER 8, Netgate)

                  Your rule is TCP-only. That won't work for UDP, etc. DNS is generally UDP so you probably won't have very good results with that.


johnpoz (LAYER 8, Global Moderator)

^ Yup, very true... Kind of hard for clients to resolve anything with those rules, unless you're doing DoH or DoT for DNS on the client, or serving up DoT to your clients on Unbound.


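Added example (not from this thread, not Netgate's or pfSense's code): a small Python model of the stateful behaviour the replies above describe, replaying the poster's three LAN rule variants (destination "WAN net", TCP-only to any, any protocol to any) against a UDP DNS lookup and an HTTPS connection whose reply arrives on WAN with no WAN rule at all. 192.0.2.0/24 is Derelict's example WAN net; the LAN subnet 192.168.1.0/24 and the 8.8.8.8 / 142.250.0.1 targets are constructed.

```python
import ipaddress

# Constructed addresses: 192.0.2.0/24 is the thread's example WAN subnet;
# the LAN subnet and the DNS/web targets below are assumed for the demo.
WAN_NET = ipaddress.ip_network("192.0.2.0/24")    # "WAN net" = WAN interface subnet
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed "LAN net"
ANY = "any"

def make_rule(proto, src, dst):
    """proto is 'tcp', 'udp' or ANY; src/dst are ip_network objects or ANY."""
    return {"proto": proto, "src": src, "dst": dst}

def rule_matches(rule, proto, src_ip, dst_ip):
    if rule["proto"] != ANY and rule["proto"] != proto:
        return False
    for want, ip in ((rule["src"], src_ip), (rule["dst"], dst_ip)):
        if want != ANY and ipaddress.ip_address(ip) not in want:
            return False
    return True

class StatefulFirewall:
    """Rules are consulted only for the first packet of a flow. A matching
    pass rule creates a state; later packets in either direction, including
    the reply arriving on WAN, are passed by that state and never hit the
    WAN rule set. NAT is omitted: it does not change which rule/state applies."""
    def __init__(self, lan_rules, wan_rules):
        self.rules = {"lan": lan_rules, "wan": wan_rules}
        self.states = set()

    def packet(self, iface, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if flow in self.states or reverse in self.states:
            return "pass (state)"
        for rule in self.rules[iface]:
            if rule_matches(rule, proto, src, dst):
                self.states.add(flow)
                return "pass (rule)"
        return "block (default deny)"

def try_lan_rules(lan_rules):
    """Replay the poster's scenario with no WAN rules: a LAN client does a
    UDP DNS lookup, then opens HTTPS and the server's reply comes in on WAN."""
    fw = StatefulFirewall(lan_rules, wan_rules=[])
    client, dns, web = "192.168.1.10", "8.8.8.8", "142.250.0.1"
    return {
        "dns_udp": fw.packet("lan", "udp", client, 50000, dns, 53),
        "https_tcp": fw.packet("lan", "tcp", client, 50001, web, 443),
        "https_reply": fw.packet("wan", "tcp", web, 443, client, 50001),
    }
```

Running `try_lan_rules([make_rule(ANY, LAN_NET, WAN_NET)])` blocks everything (neither target lies in 192.0.2.0/24), `make_rule("tcp", LAN_NET, ANY)` passes HTTPS but blocks the UDP DNS lookup, and `make_rule(ANY, LAN_NET, ANY)` passes both, with the reply on WAN passing by state in each case where the outbound packet was allowed.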
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.