Anwhere but Lan not working
-
I have three usable networks Lan2, wireless and PS4...I am trying the ps4 anywhere but lan2 rule and it works however when i set the ps4 anywhere but wireless rule...it does not work I can still ping the wireless network.
Please OMIT description unless it's relevant?...I copied the initial pfsense rules and edited them to suite..just have not updated the descriptions as yet.
-
You can't apply two NOT rules like that as one of them will always match. In this case when you ping the something in the wireless subnet it matches the first pass rule because it's not in the LAN2 subnet.
You should apply two REJECT rules. For PS4net to LAN2net and PS4net to Wirelessnet. And then a pass rule below that for everything else.
Steve
-
Do I apply the invert match to all of them or just the pass rule...or no invert at all? My intention is to open UPNP for consoles is this a good idea...(concerns over security)
Think I got it. -
ATTBYPASS is effectively your WAN here I assume?
ATTBYPASSnet will only be that subnet so probably only the WAN IP and it's gateway. If you don't want the PS4 accessing that then deny that too. Then add a pass all rule at the bottom that will allow traffic you have not already denied.
Enabling UPnP is an inherent security risk yes. If you lock it down to only the PS4 IP that limits the risk but it's still a risk. You probably will need it to get full access to PS4 games though because terrible network code in games.
Steve
-
Sorry just updated my config...yes ATTBTPASS is my WAN... does the new image look correct?
-
Yes, that will work. It denies traffic to the local LAN and WIRELESS subnets and allows traffic to everywhere that isn't the local WAN subnet.
That still allows traffic to the PS4 interfaces address which is necessary for DNS and UPnP, if you enable that.Steve
-
Thanks Steve!
-
Instead of opening upnp I did this.
-
Static source port outbound is required for a lot of games (which is absurd IMO but....) but some also require UPnP. You may find you still need that.
Of course by having the PS4 in a different subnet you are limiting exposure to that only.Steve
