Rules for IoT w/local DNS/DHCP & Internet
-
Hi,
My goal with this post is to be able to connect a tablet via wireless to iot.vlan using DHCP.
To do this, I believe this is what I need to do, correct?
- Allow IoT devices DHCP on pfSense only
- Allow IoT devices to resolve DNS on pfSense, but block upstream
- Block any access from iot.vlan to pfSense (This Firewall)
- Block IoT devices any access to RFC1918 addresses
- Block any access to everything else, including any other vlan/network
- Allow IoT devices any access to Internet
--- if the rules below don't match the above goal or are in the wrong order, please suggest improvements, thanks ---
Setup:
- Unifi AP on mgmnt.vlan (serving iot.vlan only)
This is what I have so far;
The problem:
With these, the tablet tries to get an IP but fails to obtain one. A static address fails too, which I believe points to my rules? DHCP and the DNS Resolver are enabled for iot.vlan, with plenty of free addresses. Would someone please help me find out what is incorrect here? Thank you
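As an added illustration (not from the thread or from pfSense itself), the script below models the six goals above as a pfSense-style first-match rule list and runs constructed sample packets through it. The addressing (192.168.40.0/24 for iot.vlan, .1 for pfSense) and the sample traffic are assumptions. Two things it makes visible: a DHCP Discover goes from 0.0.0.0 to 255.255.255.255, so a DHCP pass rule whose destination is only "This Firewall" does not match it (pfSense adds automatic DHCP pass rules when the DHCP server is enabled on the interface, which is why this usually still works), and a catch-all block placed before "allow Internet" shadows it, so the allow never fires.

```python
"""First-match evaluation of the IoT rule list described in the post.

Constructed model, not pfSense code: addresses, ports and the two rule
orderings are assumptions used only to illustrate ordering and shadowing.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed addressing (assumption): pfSense owns .1 on iot.vlan.
FIREWALL_SELF = {ipaddress.ip_address("192.168.40.1")}   # "This Firewall" on this VLAN
BROADCAST = ipaddress.ip_address("255.255.255.255")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "udp" or "tcp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "pass" or "block"
    dst: Callable[[ipaddress.IPv4Address], bool]  # destination predicate
    proto: Optional[str] = None                   # None = any protocol
    dport: Optional[int] = None                   # None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return self.dst(ipaddress.ip_address(pkt.dst))


def is_self(ip): return ip in FIREWALL_SELF
def is_rfc1918(ip): return any(ip in n for n in RFC1918)
def is_any(ip): return True
def is_self_or_broadcast(ip): return is_self(ip) or ip == BROADCAST


def evaluate(rules, pkt):
    """pfSense interface rules are first-match: the first rule whose
    criteria fit the packet decides and later rules are never consulted.
    Returns (action, rule_name); unmatched traffic hits the default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "implicit default deny"


# The six goals from the post, taken literally as a top-to-bottom list.
AS_LISTED = [
    Rule("allow DHCP to pfSense", "pass", is_self, "udp", 67),
    Rule("allow DNS to pfSense", "pass", is_self, None, 53),
    Rule("block access to pfSense", "block", is_self),
    Rule("block RFC1918", "block", is_rfc1918),
    Rule("block everything else", "block", is_any),
    Rule("allow Internet", "pass", is_any),
]

# Same goals with two changes:
#  - DHCP Discover travels to 255.255.255.255, so the DHCP pass also
#    covers the broadcast address (pfSense's automatic DHCP rules do this
#    when the DHCP server is enabled on the interface);
#  - "allow Internet" sits before any catch-all; the explicit "block
#    everything else" is dropped because the default deny already does it.
CORRECTED = [
    Rule("allow DHCP to pfSense", "pass", is_self_or_broadcast, "udp", 67),
    Rule("allow DNS to pfSense", "pass", is_self, None, 53),
    Rule("block access to pfSense", "block", is_self),
    Rule("block RFC1918", "block", is_rfc1918),
    Rule("allow Internet", "pass", is_any),
]

# Constructed sample traffic from a tablet on iot.vlan.
SAMPLES = {
    "dhcp_discover": Packet("0.0.0.0", "255.255.255.255", "udp", 67),
    "dns_to_gateway": Packet("192.168.40.50", "192.168.40.1", "udp", 53),
    "webgui_on_gateway": Packet("192.168.40.50", "192.168.40.1", "tcp", 443),
    "smb_to_other_vlan": Packet("192.168.40.50", "192.168.10.20", "tcp", 445),
    "https_to_internet": Packet("192.168.40.50", "1.1.1.1", "tcp", 443),
}


def verdicts(rules):
    """Map each sample name to the (action, rule_name) that decided it."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("as listed", AS_LISTED), ("corrected", CORRECTED)):
        print(f"--- {label} ---")
        for name, (action, rule) in verdicts(rules).items():
            print(f"{name:20} {action:5} via '{rule}'")
```

Running it shows that in the literal ordering both the DHCP Discover and the HTTPS session to the Internet end on "block everything else", while DNS to the gateway, the webGUI attempt and the cross-VLAN SMB attempt behave as intended in both orderings. When checking a real rule set against the firewall log, compare the rule that logged a block against the one you expected to match; a hit on a lower catch-all is the usual sign of a shadowed allow.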
-
Here is mine:
-
@furom said in Rules for IoT w/local DNS/DHCP & Internet:
The rules are working, as lots of traffic has been allowed by each rule (likely from other devices than your pad). So your issue is most likely your pad or the Wi-Fi.
-
@keyser Thanks, that's good to know, a start. No obvious errors in the rule setup then, I assume? They are pretty similar to @CiscoX's rules, apart from the last one, which I split into two.
If so, I guess I should move this to a wireless section, if there is one. Thanks to both :)