Restrict Access to Local Network Servers
-
Hello everyone,
Is it possible to block access to my servers within the same local LAN?
For example, right now I'm trying to block myself from accessing the file server, but it is not working. It seems that pfSense is evaluating the rule when traffic changes interfaces? Is this correct, or am I doing something wrong? What is recommended to achieve this restriction? In the example below, I have the rule as high as possible in the table (to be evaluated before everything else) and it is not blocking me. I'm 192.168.6.50.
Any suggestions?
-
@bambos
No, traffic between devices within the same subnet doesn't pass pfSense. So pfSense cannot affect it.
You can only configure the firewalls on the devices accordingly. Therefore, when setting up a network you should put devices with the same potential risk into the same network segment, e.g. all web servers in one segment, database servers in another.
-
@viragomann Thank you!!!
What about this? My guest internet-only access can block the pfSense GUI on gateway 192.168.8.1, so guests can't see the pfSense login.
Why is this rule working while it is still on the same subnet?
-
@bambos said in Restrict Access to Local Network Servers:
while it is still on the same subnet?
Because you're trying to talk to pfSense, which is running a firewall - and it sees the traffic.
When 192.168.6.50 tries to talk to 192.168.6.10 - pfSense never sees this traffic - so how could it block it or allow it even?
pfSense blocking access to itself would be like you running a firewall on 6.10: it could prevent 6.50 from talking to it. But pfSense at 6.1 would never see that traffic.
-
@viragomann @johnpoz Thanks a lot, guys!! You have always been very helpful over the last 2 years. I have almost learned how to configure pfSense.
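
The distinction made in the replies above, as an added example that is not part of the original thread: it classifies a flow by whether pfSense ever receives the packets, which decides whether a firewall rule can match at all. The /24 masks, the interface names `LAN` and `GUEST`, and the guest client address 192.168.8.100 are assumptions; the other addresses come from the thread.

```python
import ipaddress

# Assumption: both pfSense interfaces use a /24 mask (the thread does not state the masks).
PFSENSE_INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.6.1/24"),
    "GUEST": ipaddress.ip_interface("192.168.8.1/24"),
}


def firewall_visibility(src, dst, prefix_len=24):
    """Classify a flow by whether pfSense's rules are ever evaluated for it.

    Simplified host behaviour: a sender delivers on-link destinations directly
    (ARP plus the switch) and hands everything else to its default gateway.
    """
    src_if = ipaddress.ip_interface(f"{src}/{prefix_len}")
    dst_ip = ipaddress.ip_address(dst)
    firewall_addrs = {iface.ip for iface in PFSENSE_INTERFACES.values()}
    if dst_ip in firewall_addrs:
        return "to-firewall"  # pfSense is the endpoint, so its rules apply
    if dst_ip in src_if.network:
        return "switched"     # host to host on one subnet; pfSense never receives it
    return "routed"           # leaves the subnet through the gateway; rules apply


def rule_can_match(src, dst):
    """A pfSense rule can only match traffic that actually reaches pfSense."""
    return firewall_visibility(src, dst) != "switched"


# Constructed sample flows (192.168.8.100 is a made-up guest client).
FLOWS = [
    ("192.168.6.50", "192.168.6.10"),   # workstation to file server, same subnet
    ("192.168.8.100", "192.168.8.1"),   # guest to the pfSense GUI address
    ("192.168.8.100", "192.168.6.10"),  # guest to file server, crosses subnets
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        kind = firewall_visibility(src, dst)
        print(f"{src:>14} -> {dst:<14} {kind:<12} rule can match: {rule_can_match(src, dst)}")
```

Moving the file server into its own segment, as suggested in the first reply, turns the first flow into a routed one that a rule can block.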