Separate networks
-
Hello everyone, I hope you can help me. The issue is as follows:
1- I have a pfSense with two interfaces: a client that goes through the LAN and another client that goes through the LAN1. The detail is that I do not want them to see each other, and I do not know how to configure this rule.
2- I have a VPN tunnel with WireGuard, and I do not know how to indicate which network it belongs to, because when I connect to the VPN client from either side I can see the two client networks, so the tunnel is the LAN client I do not want to see the LAN1.
I would appreciate it if you could help me, please.
-
-
You can use firewall rules on your LAN & LAN1 interfaces to block access to each. Right now LAN has a default Allow LAN to any rule that you probably copied for LAN1. Create a block rule above it that blocks access to the other network.
-
Modify the firewall rules on the WireGuard tab to block access to things you don't want the tunnel to see. Right now you probably have an Allow rule just like the one on LAN and LAN1.
-
-
This is the rule I have configured to disallow traffic from LAN1 to LAN but if I ping 192.168.1.1.1 from 192.168.5.1 I get a response.
-
@netermin Source should be either Any or LAN1 net and the Destination should be LAN net.
-
@netermin said in Separate networks:
to disallow traffic from LAN1 to LAN
Your rule would be on LAN1 then, not LAN.
Rules are evaluated on the interface where traffic would enter pfSense.
-
@johnpoz Sheesh I didn't even notice he was on the wrong interface entirely.
-
It's easier to spot when they post the rules on the interface vs. specific details of a rule. All that is needed to know whether the rule is correct can be seen on the interface tab; it also shows the order and other rules that might prevent the rule from working, etc.
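
Added example, not part of any post in this thread: a small Python model of the per-interface, first-match rule evaluation the replies describe, showing why a block rule placed on the LAN tab does not stop LAN1-to-LAN traffic. The subnets 192.168.1.0/24 (LAN) and 192.168.5.0/24 (LAN1) are assumed from the addresses mentioned above, and the rule sets and client addresses are constructed.

```python
"""Model of pfSense-style rule evaluation: rules are checked on the interface
where a new connection enters the firewall, top to bottom, first match wins."""
from ipaddress import ip_address, ip_network

# Assumed subnets, inferred from the addresses mentioned in the thread.
NETS = {"LAN": ip_network("192.168.1.0/24"), "LAN1": ip_network("192.168.5.0/24")}
ANY = ip_network("0.0.0.0/0")


def ingress_interface(src):
    """Interface a packet from `src` arrives on (None if not a local subnet)."""
    addr = ip_address(src)
    return next((name for name, net in NETS.items() if addr in net), None)


def evaluate(rules, src, dst):
    """Return 'pass' or 'block' for a new connection from src to dst.

    `rules` maps interface name -> ordered list of (action, src_net, dst_net).
    Only the ingress interface's tab is consulted; no match means default deny.
    """
    iface = ingress_interface(src)
    for action, src_net, dst_net in rules.get(iface, []):
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action  # first match wins; later rules are never reached
    return "block"


# Constructed rule sets. Misplaced: the block sits on the LAN tab, so traffic
# entering on LAN1 never sees it and hits LAN1's allow-any rule.
MISPLACED = {
    "LAN": [("block", NETS["LAN1"], NETS["LAN"]), ("pass", NETS["LAN"], ANY)],
    "LAN1": [("pass", NETS["LAN1"], ANY)],
}
# Corrected: each tab blocks the other network above its allow-any rule.
CORRECTED = {
    "LAN": [("block", NETS["LAN"], NETS["LAN1"]), ("pass", NETS["LAN"], ANY)],
    "LAN1": [("block", NETS["LAN1"], NETS["LAN"]), ("pass", NETS["LAN1"], ANY)],
}

if __name__ == "__main__":
    for name, rules in (("misplaced", MISPLACED), ("corrected", CORRECTED)):
        print(name, evaluate(rules, "192.168.5.10", "192.168.1.10"))
```

The same model applies to the WireGuard tab: traffic arriving from the tunnel is matched only against the rules on that tab, so that is where a block toward LAN1 has to sit.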