Netgate Discussion Forum

    Separate networks

    • netermin

      Hello everyone, I hope you can help me. The issue is as follows:

      1. I have a pfSense with two interfaces: a client that goes through the LAN and another client that goes through LAN1. The detail is that I do not want them to see each other, and I do not know how to configure this rule.

      2. I have a VPN tunnel with WireGuard, and I do not know how to indicate which network it belongs to, because when I connect to the VPN client from either side I can see the two client networks, so the tunnel is the LAN client; I do not want to see LAN1.

      I would appreciate it if you could help me, please.

      Translated with www.DeepL.com/Translator (free version)

      • KOM @netermin

        @netermin

        1. You can use firewall rules on your LAN & LAN1 interfaces to block access to each. Right now LAN has a default Allow LAN to any rule that you probably copied for LAN1. Create a block rule above it that blocks access to the other network.

        2. Modify the firewall rules on the Wireguard tab to block access to things you don't want the tunnel to see. Right now you probably have an Allow rule just like the one on LAN and LAN1.

        • netermin @KOM

          This is the rule I have configured to disallow traffic from LAN1 to LAN, but if I ping 192.168.1.1.1 from 192.168.5.1 I get a response.

          [Screenshot: 2021-05-28 16_07_49-pfSense.home.arpa - Firewall_ Rules_ Edit.png]

          • KOM @netermin

            @netermin Source should be either Any or LAN1 net and the Destination should be LAN net.

            • johnpoz LAYER 8 Global Moderator @netermin

              @netermin said in Separate networks:

              to disallow traffic from LAN1 to LAN

              Your rule would be on lan1 then, not lan.

              Rules are evaluated on the interface where traffic would enter pfSense.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • KOM @johnpoz

                @johnpoz Sheesh, I didn't even notice he was on the wrong interface entirely.

                • johnpoz LAYER 8 Global Moderator @KOM

                  It's easier to spot when they post the rules on the interface vs. specific details of a rule. All that is needed to be seen to know if the rule is correct or not can be seen on the interface tab - it also shows order and other rules that might prevent the rule from working, etc.

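The behaviour discussed in this thread (rules are checked on the interface where traffic enters pfSense, top-down, first match wins), modelled as an added example that is not part of the original posts and is not pfSense code. The /24 subnets and the .10 host addresses are assumed for illustration, and the ingress interface is inferred from the source address.

```python
import ipaddress
from dataclasses import dataclass

# Assumed subnets (constructed for this example; the thread only gives host addresses).
NETS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
        "LAN1": ipaddress.ip_network("192.168.5.0/24")}
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def ingress_interface(src_ip):
    """Interface tab whose rules apply: the one the packet enters pfSense on."""
    addr = ipaddress.ip_address(src_ip)
    return next(name for name, net in NETS.items() if addr in net)

def evaluate(rulesets, src_ip, dst_ip):
    """Top-down, first match wins; no match falls through to the default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rulesets.get(ingress_interface(src_ip), []):
        if src in rule.src and dst in rule.dst:
            return rule.action
    return "block"

allow_lan = Rule("pass", NETS["LAN"], ANY)
allow_lan1 = Rule("pass", NETS["LAN1"], ANY)
block_to_lan = Rule("block", NETS["LAN1"], NETS["LAN"])
block_to_lan1 = Rule("block", NETS["LAN"], NETS["LAN1"])

# Block rule placed on the LAN tab: traffic entering on LAN1 is never checked against it.
wrong_tab = {"LAN": [block_to_lan, allow_lan], "LAN1": [allow_lan1]}
# Block rule on LAN1 but below the allow rule: the allow rule matches first.
wrong_order = {"LAN": [allow_lan], "LAN1": [allow_lan1, block_to_lan]}
# Block rule above the allow rule on each ingress tab: isolated in both directions.
isolated = {"LAN": [block_to_lan1, allow_lan], "LAN1": [block_to_lan, allow_lan1]}

if __name__ == "__main__":
    for name, rs in [("wrong_tab", wrong_tab), ("wrong_order", wrong_order),
                     ("isolated", isolated)]:
        print(name,
              "LAN1->LAN:", evaluate(rs, "192.168.5.10", "192.168.1.10"),
              "LAN->LAN1:", evaluate(rs, "192.168.1.10", "192.168.5.10"))
```

The model only decides new connections; it does not track state, so it says nothing about reply traffic for connections that were already allowed.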
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.