Unable to restrict LAN(s) [Solved]


  • Hi,

    I use a Qotom device which has multiple LANs and I am trying to split my home into LANs and create some rules around it.

    For starters, I did the following:
    a) LAN-1: most trusted machines like office laptop, NAS and few handful of machines (static IP assignment)
    b) LAN-2: all IoT stuff like camera lights, Ring Doorbell etc (static IP assignment)
    c) LAN-3: all other devices in the house like TV, kid's computers etc
    d) LAN-4: All DHCP assigned to guests

    I created the following rule to test whether the LAN(s) can be isolated from each other, so I added a rule in LAN-2 to restrict access from LAN-1, but unfortunately I am still able to ping a machine from LAN-1 to LAN-2. First I thought that routing must be cached, so I restarted both the machines as well as pfSense, but the ping is still going through in spite of the rule in place.

    Did I miss something, or am I not doing it correctly?
    Thanks.

    LAN-2.png


  • You're not doing it correctly, you need to flip-flop the rules.

    On the LAN2 tab, you block LAN2 from getting into LAN1. On the LAN1 tab, you block LAN1 from getting into LAN2. On the LAN3 tab, you block LAN3 from getting into LANX, and so on and so forth. Make sense?

    Here's one of my rules, to keep a GUEST network out of my LAN network.

    Action: Reject
    Interface: GUEST
    Address Family: IPv4
    Protocol: Any
    Source: GUEST net
    Destination: LAN net

    Jeff
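A small model of why the original rule never matched, added here as an illustration (not the poster's or pfSense's own code): pfSense evaluates the rules on an interface tab only against traffic that enters on that interface, first match wins, and no match falls through to the default deny. The networks, hosts and rule sets below are constructed for the example.

```python
"""pfSense rule evaluation, modelled as an added example (not the poster's
config): a rule on an interface tab only sees packets that *enter* pfSense
on that interface, so a LAN2-tab rule never matches traffic a LAN1 host sends."""
import ipaddress
from collections import namedtuple

# Constructed sample networks; the thread gives no real addresses.
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in [
    ("LAN1", "192.168.1.0/24"), ("LAN2", "192.168.2.0/24"), ("GUEST", "192.168.4.0/24")]}

# interface = the tab the rule lives on, i.e. the ingress interface it applies to
Rule = namedtuple("Rule", "interface action src dst")

def _matches(alias, ip):
    """'any' or an '<IF> net' alias, as in the pfSense rule editor."""
    return alias == "any" or ipaddress.ip_address(ip) in NETS[alias.split()[0]]

def ingress_interface(src_ip):
    """The interface a packet from src_ip arrives on (a LAN1 host enters via LAN1)."""
    for name, net in NETS.items():
        if ipaddress.ip_address(src_ip) in net:
            return name
    raise ValueError("unknown source network")

def evaluate(rules, src_ip, dst_ip):
    """First matching rule on the ingress interface wins; no match is the
    implicit default deny."""
    iface = ingress_interface(src_ip)
    for r in rules:
        if r.interface == iface and _matches(r.src, src_ip) and _matches(r.dst, dst_ip):
            return r.action
    return "block"

# The original poster's attempt: blocking LAN1 on the LAN2 tab.
WRONG = [Rule("LAN2", "block", "LAN1 net", "LAN2 net"),
         Rule("LAN1", "pass", "LAN1 net", "any"),
         Rule("LAN2", "pass", "LAN2 net", "any")]
# Jeff's fix: the block goes on the tab of the network you are keeping out.
RIGHT = [Rule("LAN1", "reject", "LAN1 net", "LAN2 net"),
         Rule("LAN1", "pass", "LAN1 net", "any"),
         Rule("LAN2", "pass", "LAN2 net", "any")]

if __name__ == "__main__":
    print(evaluate(WRONG, "192.168.1.10", "192.168.2.20"))  # pass: the ping gets through
    print(evaluate(RIGHT, "192.168.1.10", "192.168.2.20"))  # reject
```

The model ignores state tracking (replies to an allowed ping are let back in by the state pfSense created), which is why only the direction of the first packet decides whether the ping works.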


  • @akuma1x

    OMG can't believe I can be this stupid 😊

    Flip-flopping the rules did the trick, thanks for pointing that out!