Netgate Discussion Forum

    Blocking Access to Another VLAN but Allow Internet Access

    • M
      mracar07
      last edited by


      I wanna block the musteri VLAN from accessing any other VLAN except the wdspaylasim VLAN. I made these rules, but the musteri VLAN can still access e.g. the Wifi network.

      • V
        viragomann
        last edited by

        Have you deleted the states?

        BTW: It's more reliable to reject any and allow only the destinations you want to allow.
        For allowing internet access add an alias including all RFC 1918 networks and use this in a pass rule as destination with "invert" checked. (Presuming you use only RFC 1918 networks behind pfSense.)
        So you will still be safe if you change a subnet or add a network.

        • M
          mracar07 @viragomann
          last edited by mracar07

          @viragomann

          I just restarted my machine.

          Actually I wanna do the same thing for my other VLANs too. But it's different. Like icag can access Server, wdspaylasim and internet but can't access other VLANs. Also I can't allow just DNS, HTTP and HTTPS. My clients use different SMTP ports, CCTV port etc.

          Also no, I have a network outside RFC1918.

          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            If you have those rules and a client can still access the wifi subnet from the musteri subnet after rebooting, then something else is passing that traffic. You might have a floating rule or an interface group rule passing that traffic.

            Steve

            • M
              marvosa
              last edited by marvosa

              Where are you testing from? Because I'm not seeing hits on any of those rules. The first thing I would do is re-verify that your access ports are in the correct VLAN.

              Then, if you only want MUSTERI to access WDSPAYLASIM and nothing else, then remove everything you have and configure an explicit pass rule for:

              Source = MUSTERI net
              Destination = WDSPAYLASIM net

              and be done. Everything else will get blocked by the implicit deny.

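The rule order suggested in the replies above (pass to the allowed VLAN, then pass to an inverted alias of local networks, with the default deny underneath), modelled as an added example that is not from any poster and is not pfSense configuration. The subnets, the PUBNET VLAN and all function names are constructed assumptions; the model shows why an internal network outside RFC 1918 has to be added to the alias before the inverted rule is safe.

```python
import ipaddress

# Constructed sample addressing; the thread does not give the real subnets.
NETS = {
    "MUSTERI":     "192.168.10.0/24",
    "WDSPAYLASIM": "192.168.20.0/24",
    "WIFI":        "192.168.30.0/24",
    "PUBNET":      "203.0.113.0/24",  # hypothetical internal VLAN outside RFC 1918
}
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def musteri_rules(local_alias):
    """Rules on the MUSTERI interface, top to bottom: (action, dest cidrs, invert)."""
    return [
        ("pass", [NETS["WDSPAYLASIM"]], False),  # the one VLAN MUSTERI may reach
        ("pass", local_alias, True),             # destination "!alias" = internet
    ]


def evaluate(rules, dst_ip):
    """First matching rule wins; no match falls through to the default deny."""
    for action, cidrs, invert in rules:
        if in_any(dst_ip, cidrs) != invert:
            return action
    return "block"


def verdicts(local_alias):
    # Constructed destinations; 198.51.100.7 stands in for an internet host.
    targets = {"WDSPAYLASIM": "192.168.20.5", "WIFI": "192.168.30.5",
               "PUBNET": "203.0.113.5", "internet": "198.51.100.7"}
    rules = musteri_rules(local_alias)
    return {name: evaluate(rules, ip) for name, ip in targets.items()}


if __name__ == "__main__":
    print("alias = RFC 1918 only:    ", verdicts(RFC1918))
    print("alias = RFC 1918 + PUBNET:", verdicts(RFC1918 + [NETS["PUBNET"]]))
```

With the alias holding only RFC 1918 ranges, the inverted pass rule treats PUBNET as internet and lets MUSTERI reach it; adding that subnet to the alias blocks it while internet access stays open.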
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.