portforward issue over vpn with floating rules
-
Hi, I'm new to pfSense and I'm learning by doing.
I have a network connected to this pfSense.
The firewall has an OpenVPN client and I have 3 floating rules on the WAN interface:
- pass udp 1194
- pass udp 53
- reject any any
This works great: if my firewall loses VPN connectivity none of my machines can access the internet, just as I want it.
Now the issue: I want to port forward a port to one of the devices on the network,
and this doesn't work. If I disable my floating rule the port forward works.
I have tried several things, like removing the port forward and only allowing LAN net to go via the OPT1 interface in the hope of getting my "kill switch", but if the VPN goes down I still have internet access.
I have tried to create a floating rule regarding my port forward in any direction, but get CLOSED:SYN_SENT.
I am out of ideas. Can't I have my kill switch and a port forward?
-
You can tag the traffic on the VPN interface and then create a floating rule to block the tagged traffic from going out of the WAN interface. This will act as a kill switch when your VPN goes down.
https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/
I've got a similar setup, including port forwarding from my non-VPN WAN interface to a local machine.
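The arrangement described above, written out in raw pf syntax (the ruleset pfSense builds from the GUI rules) as an added example that is not from this thread or the linked post; the interface names, addresses, host and port are constructed placeholders, and the comments name the GUI rule each line corresponds to.

```pf
# Constructed names for this example (replace with your own):
wan_if   = "em0"            # WAN, address 203.0.113.2, upstream gateway 203.0.113.1
lan_if   = "em1"            # LAN
lan_net  = "192.168.1.0/24"
vpn_if   = "ovpnc1"         # OpenVPN client interface
vpn_gw   = "10.8.0.1"       # OpenVPN gateway
fwd_host = "192.168.1.50"   # device receiving the port forward
fwd_port = "8080"

# Port forward (Firewall > NAT > Port Forward plus its linked WAN pass rule).
# Inbound WAN traffic never carries the tag, so the kill switch below leaves it alone,
# which is why the old "reject any any" floating rule had to go.
rdr on $wan_if proto tcp from any to 203.0.113.2 port $fwd_port -> $fwd_host port $fwd_port
pass in quick on $wan_if reply-to ($wan_if 203.0.113.1) proto tcp from any to $fwd_host port $fwd_port keep state

# LAN rule with Gateway = VPN gateway and Advanced > Tag = VPN_ONLY:
# policy-routes LAN clients into the tunnel and tags every flow they start.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) from $lan_net to any tag VPN_ONLY keep state

# Floating rule, Action = Block, Direction = out, Interface = WAN, Tagged = VPN_ONLY.
# When the VPN gateway is down, pfSense by default drops the route-to from the LAN rule,
# so tagged flows fall back to the default route via WAN and are stopped here.
block out quick on $wan_if tagged VPN_ONLY
```

The firewall's own OpenVPN and DNS traffic to the WAN is untagged, so it still passes without the separate udp 1194 and udp 53 floating rules.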
-
Hey, that worked really well =) Thank you very much! I had spent hours trying different things before this :P