Netgate Discussion Forum
    Multiple Networks, with a twist

    General pfSense Questions
    3 Posts 2 Posters 200 Views
    • pallid_mage

      Hey guys, happy to finally be a part of the community and the forum! Been running PF for a couple years now, and love it! I'll try to TL;DR as I tend to ramble. I have a fully functioning pfSense network, with Pi-hole as my ONLY DNS server internally. All port 53 requests to the outside are re-routed to it. I have just added another adapter to create a separate network, as I am unable to set up VLANs due to my environment. I want this network to ONLY have access to the outside world. I have created what I thought were the necessary rules, and it all works how I want internally, but I cannot get DNS resolution from Quad 1 outside, which is all I want. A "poor man's VLAN" as it were, with isolation to just the web. Could use some rules assistance!!

      Imgur pic here: https://imgur.com/a/av8DpdI

      • awebster

        By default an interface or VLAN will have no rules; consequently all traffic will be blocked.
        If you put in an allow-any rule, it will implicitly allow access to the LAN as well, so you need to first explicitly block traffic going to LAN, then allow anything else.

        Deny SRC: NEW DST: LAN
        Allow SRC: NEW DST: Any

        –A.

        • pallid_mage

          After some more research, yes, I came to the above conclusion. Apologies for the lazy post! Having said that, my solution was to INVERT MATCH on the Destination network and select LAN NET, which will block access to the main network. This also is a single-rule solution! Props to Lawrence Systems on that one :) Either way, thanks a bunch for the response.

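To see why the rule order in the two-rule answer matters, and why the single inverted-match rule gives the same result, here is an added Python simulation of pfSense's first-match evaluation of interface rules (example code written for this thread, not from the posters or from pfSense itself). The 192.168.1.0/24 LAN subnet, the 192.168.2.0/24 subnet on the new interface, and the host addresses are assumed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing (constructed for this example, not taken from the post):
# the existing LAN net and the new "poor man's VLAN" net on the extra adapter.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
NEW_NET = ipaddress.ip_network("192.168.2.0/24")

@dataclass
class Rule:
    action: str                                  # "pass" or "block"
    src: Optional[ipaddress.IPv4Network] = None  # None = any source
    dst: Optional[ipaddress.IPv4Network] = None  # None = any destination
    dst_invert: bool = False                     # pfSense "Invert match" on Destination

    def matches(self, src_ip, dst_ip) -> bool:
        if self.src is not None and src_ip not in self.src:
            return False
        if self.dst is not None:
            in_dst = dst_ip in self.dst
            if in_dst == self.dst_invert:  # inverted rule matches only when NOT in dst
                return False
        return True

def evaluate(rules, src, dst) -> str:
    """pfSense interface rules: evaluated top-down, first match wins; no match = blocked."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.matches(src_ip, dst_ip):
            return r.action
    return "block"  # implicit default deny on every interface

# The three rulesets discussed in the thread, as applied on the NEW interface.
ALLOW_ANY_ONLY = [Rule("pass", NEW_NET)]
BLOCK_LAN_THEN_ANY = [Rule("block", NEW_NET, LAN_NET), Rule("pass", NEW_NET)]
INVERT_MATCH_SINGLE = [Rule("pass", NEW_NET, LAN_NET, dst_invert=True)]

def check(rules, src="192.168.2.10"):
    # Returns (verdict for a LAN host, verdict for Quad 1 on the Internet).
    return evaluate(rules, src, "192.168.1.50"), evaluate(rules, src, "1.1.1.1")

if __name__ == "__main__":
    cases = [("allow any only", ALLOW_ANY_ONLY),
             ("block LAN, then allow any", BLOCK_LAN_THEN_ANY),
             ("single rule, inverted dst", INVERT_MATCH_SINGLE)]
    for name, rules in cases:
        lan, inet = check(rules)
        print(f"{name:28s} LAN host: {lan:5s}  1.1.1.1: {inet}")
```

Note that "LAN net" covers only the LAN subnet; any other internal interface or VPN subnet that should stay isolated needs its own block entry (or an alias grouping them) in the destination field.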
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.