Pfsense: M
-
Installed pfSense firewall on VMware ESXi 6.5. It is sitting behind an AT&T modem. I have configured the modem for IP passthrough. The WAN interface is getting a public IP address and the LAN interface has a static IP address. Also, pfSense is set up for DHCP. pfSense has a different IP address scheme than the AT&T modem. I thought that by having 2 different IP address schemes I should not be able to ping the AT&T modem from pfSense, but I can. I cannot ping the pfSense firewall from the AT&T modem, which is what I want and expected.
What do I need to configure to prevent the firewall from being able to ping the AT&T modem? Thanks
-
-
@blake The AT&T modem works that way by default. Actually others as well, like Comcast. The idea is so one can connect to the web GUI of the modem from the LAN side. And for Comcast, at least, one can plug into its LAN and get a 10.1.10.x IP address to test while bypassing your router...haven't tried with AT&T but I know the AT&T wireless can be active and used.
pfSense just routes the packet up the chain and the AT&T modem knows it is for itself. In order to block that you'd have to make a firewall rule on the pfSense LAN to block traffic to the modem IP or its subnet.
-
@viragomann Yes, pfSense is set up for DHCP. My ISP IP address is also DHCP.
-
Understood, I need a firewall rule that blocks traffic to the 192 subnet.
Could you give me an example or a link to a pfSense guide?
Thank you for responding.
-
@blake Assuming only WAN and LAN, on LAN:
- allow from my_ip to AT&T_modem_ip
- block from LAN to AT&T_modem_ip
Repeat for other interfaces.
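
Added example, not part of the original post: a small first-match evaluator showing why the allow rule must sit above the block rule, and why both must sit above the LAN tab's stock allow-to-any rule. All addresses are constructed placeholders, the "default allow LAN to any" entry is an assumption about an otherwise stock LAN tab, and `evaluate` and `shadowed` are hypothetical helpers.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for illustration only; substitute your own.
LAN_NET = ipaddress.ip_network("10.0.0.0/24")       # pfSense LAN subnet (assumed)
ADMIN_HOST = ipaddress.ip_network("10.0.0.10/32")   # "my_ip" from the post (assumed)
MODEM = ipaddress.ip_network("192.168.1.254/32")    # "AT&T_modem_ip" (assumed)
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    label: str

# Rules on an interface tab are checked top-down and the first match wins,
# so this list is written in the order it should appear on the LAN tab.
LAN_RULES = [
    Rule("pass", ADMIN_HOST, MODEM, "allow my_ip to modem"),
    Rule("block", LAN_NET, MODEM, "block LAN to modem"),
    Rule("pass", LAN_NET, ANY, "default allow LAN to any"),  # assumed stock rule
]

def evaluate(rules, src, dst):
    """Return (action, label) of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst:
            return r.action, r.label
    return "block", "implicit default deny"   # nothing matched

def shadowed(rules):
    """Labels of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, r in enumerate(rules):
        if any(r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst) for e in rules[:i]):
            hidden.append(r.label)
    return hidden

if __name__ == "__main__":
    for src in ("10.0.0.10", "10.0.0.50"):
        print(src, "-> modem:", evaluate(LAN_RULES, src, "192.168.1.254"))
    # Common mistake: new rules added below the allow-to-any rule never match.
    misordered = [LAN_RULES[2], LAN_RULES[0], LAN_RULES[1]]
    print("shadowed when misordered:", shadowed(misordered))
```
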
-
@steveits Thanks for your help, that worked. After restarting pfSense it started working. Thanks again.