    Unable to restrict LAN(s) [Solved]

      PM_13

      Hi,

      I use a Qotom device which has multiple LANs and I am trying to split my home into LANs and create some rules around it.

      For starters, I did the following:
      a) LAN-1: most trusted machines like office laptop, NAS and a handful of machines (static IP assignment)
      b) LAN-2: all IoT stuff like camera lights, Ring Doorbell etc (static IP assignment)
      c) LAN-3: all other devices in the house like TV, kid's computers etc
      d) LAN-4: All DHCP assigned to guests

      I created the following rule to test if LAN(s) can be isolated from each other, so I added a rule in LAN-2 to restrict access from LAN-1, but unfortunately I am still able to ping a machine from LAN-1 to LAN-2. First I thought that routing must be cached so I restarted both the machines as well as pfSense, but the ping is still going through in spite of the rule in place.

      Did I miss something or am I not doing it correctly?
      Thanks.

      LAN-2.png

        akuma1x

        You're not doing it correctly, you need to flip-flop the rules.

        On the LAN2 tab, you block LAN2 from getting into LAN1. On the LAN1 tab, you block LAN1 from getting into LAN2. On the LAN3 tab, you block LAN3 from getting into LANX, and so on and so forth. Make sense?

        Here's one of my rules, to keep a GUEST network out of my LAN network.

        Action: Reject
        Interface: GUEST
        Address Family: IPv4
        Protocol: Any
        Source: GUEST net
        Destination: LAN net

        Jeff

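Why the rule placement matters, as an added example that is not part of either post: a simplified Python model of per-tab evaluation, where only the tab of the interface a packet arrives on is consulted and the first matching rule wins. The subnets, host addresses, the allow-all rule at the bottom of each tab, and the exact source and destination of the original LAN-2 rule (the screenshot is not available) are assumptions.

```python
# Added example: simplified model of pfSense interface-tab rule evaluation.
# Subnets, rule layout and the allow-all rules are constructed assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NETS = {  # constructed subnets
    "LAN1": ip_network("192.168.1.0/24"),
    "LAN2": ip_network("192.168.2.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str       # "pass", "block" or "reject"
    source: str       # network alias or "any"
    destination: str  # network alias or "any"

def _in(alias, addr):
    return alias == "any" or ip_address(addr) in NETS[alias]

def ingress_interface(src):
    """The tab that is consulted: the interface the packet arrives on."""
    for name, net in NETS.items():
        if ip_address(src) in net:
            return name
    raise ValueError(f"{src} is not on a modelled LAN")

def evaluate(ruleset, src, dst):
    """Return (tab, action). First match on the ingress tab wins;
    no match at all means the implicit default deny."""
    tab = ingress_interface(src)
    for rule in ruleset.get(tab, []):
        if _in(rule.source, src) and _in(rule.destination, dst):
            return tab, rule.action
    return tab, "block"

ALLOW_ALL = Rule("pass", "any", "any")

# First post: the block sits on the LAN2 tab, which LAN1 traffic never hits.
MISPLACED = {
    "LAN1": [ALLOW_ALL],
    "LAN2": [Rule("block", "LAN1", "LAN2"), ALLOW_ALL],
}

# Reply: each tab rejects its own net from reaching the other.
CORRECTED = {
    "LAN1": [Rule("reject", "LAN1", "LAN2"), ALLOW_ALL],
    "LAN2": [Rule("reject", "LAN2", "LAN1"), ALLOW_ALL],
}
```

Calling `evaluate(MISPLACED, "192.168.1.10", "192.168.2.20")` shows the ping being passed by the LAN1 tab, while the same call against `CORRECTED` is rejected there.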
          PM_13 @akuma1x

          @akuma1x

          OMG can't believe I can be this stupid 😊

          Flip-flopping the rule did the trick, thanks for pointing that out!
