Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Anwhere but Lan not working

    Scheduled Pinned Locked Moved Firewalling
    9 Posts 2 Posters 344 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Phantom_Stage
      last edited by Phantom_Stage

      I have three usable networks Lan2, wireless and PS4...I am trying the ps4 anywhere but lan2 rule and it works however when i set the ps4 anywhere but wireless rule...it does not work I can still ping the wireless network.

      anywhere bulocal lan.PNG

      Please OMIT description unless it's relevant?...I copied the initial pfsense rules and edited them to suite..just have not updated the descriptions as yet.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by stephenw10

        You can't apply two NOT rules like that as one of them will always match. In this case when you ping the something in the wireless subnet it matches the first pass rule because it's not in the LAN2 subnet.

        You should apply two REJECT rules. For PS4net to LAN2net and PS4net to Wirelessnet. And then a pass rule below that for everything else.

        Steve

        1 Reply Last reply Reply Quote 0
        • P
          Phantom_Stage
          last edited by Phantom_Stage

          Do I apply the invert match to all of them or just the pass rule...or no invert at all? My intention is to open UPNP for consoles is this a good idea...(concerns over security)anywhere.PNG
          Think I got it.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by stephenw10

            ATTBYPASS is effectively your WAN here I assume?

            ATTBYPASSnet will only be that subnet so probably only the WAN IP and it's gateway. If you don't want the PS4 accessing that then deny that too. Then add a pass all rule at the bottom that will allow traffic you have not already denied.

            Enabling UPnP is an inherent security risk yes. If you lock it down to only the PS4 IP that limits the risk but it's still a risk. You probably will need it to get full access to PS4 games though because terrible network code in games.

            Steve

            1 Reply Last reply Reply Quote 0
            • P
              Phantom_Stage
              last edited by Phantom_Stage

              Sorry just updated my config...yes ATTBTPASS is my WAN... does the new image look correct?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yes, that will work. It denies traffic to the local LAN and WIRELESS subnets and allows traffic to everywhere that isn't the local WAN subnet.
                That still allows traffic to the PS4 interfaces address which is necessary for DNS and UPnP, if you enable that.

                Steve

                1 Reply Last reply Reply Quote 0
                • P
                  Phantom_Stage
                  last edited by

                  Thanks Steve!

                  1 Reply Last reply Reply Quote 0
                  • P
                    Phantom_Stage
                    last edited by Phantom_Stage

                    Instead of opening upnp I did this. Capture0.PNG

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Static source port outbound is required for a lot of games (which is absurd IMO but....) but some also require UPnP. You may find you still need that.
                      Of course by having the PS4 in a different subnet you are limiting exposure to that only.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.