4. Anwhere but Lan not working

Anwhere but Lan not working

  • P

    I have three usable networks Lan2, wireless and PS4...I am trying the ps4 anywhere but lan2 rule and it works however when i set the ps4 anywhere but wireless rule...it does not work I can still ping the wireless network.

    anywhere bulocal lan.PNG

    Please OMIT description unless it's relevant?...I copied the initial pfsense rules and edited them to suite..just have not updated the descriptions as yet.

    0
  • Netgate Administrator

    You can't apply two NOT rules like that as one of them will always match. In this case when you ping the something in the wireless subnet it matches the first pass rule because it's not in the LAN2 subnet.

    You should apply two REJECT rules. For PS4net to LAN2net and PS4net to Wirelessnet. And then a pass rule below that for everything else.

    Steve

    0
  • P

    Do I apply the invert match to all of them or just the pass rule...or no invert at all? My intention is to open UPNP for consoles is this a good idea...(concerns over security)anywhere.PNG
    Think I got it.

    0
  • Netgate Administrator

    ATTBYPASS is effectively your WAN here I assume?

    ATTBYPASSnet will only be that subnet so probably only the WAN IP and it's gateway. If you don't want the PS4 accessing that then deny that too. Then add a pass all rule at the bottom that will allow traffic you have not already denied.

    Enabling UPnP is an inherent security risk yes. If you lock it down to only the PS4 IP that limits the risk but it's still a risk. You probably will need it to get full access to PS4 games though because terrible network code in games.

    Steve

    0
  • P

    Sorry just updated my config...yes ATTBTPASS is my WAN... does the new image look correct?

    0
  • Netgate Administrator

    Yes, that will work. It denies traffic to the local LAN and WIRELESS subnets and allows traffic to everywhere that isn't the local WAN subnet.
    That still allows traffic to the PS4 interfaces address which is necessary for DNS and UPnP, if you enable that.

    Steve

    0
  • P

    Thanks Steve!

    0
  • P

    Instead of opening upnp I did this. Capture0.PNG

    0
  • Netgate Administrator

    Static source port outbound is required for a lot of games (which is absurd IMO but....) but some also require UPnP. You may find you still need that.
    Of course by having the PS4 in a different subnet you are limiting exposure to that only.

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy