Blocking access to self stops internet access
-
Hello all,
Good day.
I recently had to recreate a VLAN and the DHCP configuration because, when enabling VLAN ID 24, I wasn't able to get connected via wireless; that got fixed.
Now, I'm trying to isolate my IoT network so that it can only reach out to the internet and cannot connect to my home Wi-Fi network (VLAN) or to the pfSense main IP.
So far, I was able to block the IoT from reaching the other Wi-Fi, and that is apparently working fine.
Now, the moment I enable blocking access to pfSense (self), the network loses access to the internet and not even google.com is reachable in a web browser (I connected to it on my phone for testing purposes).
This is the configuration I've got:
The moment I disable this rule, I have access to the internet; otherwise I lose access.
Would any of you be able to help out with this? I'm sure it's something simple, but I'm lost at the moment.
Thanks in advance!
-
@dridhas Add an allow rule above it for DNS. You can use the interface for destination.
-
@dridhas What Jarhead said, or else block to This Firewall on ports 22/80/443.
-
Thank you for the replies.
I was able to block access to the firewall by blocking the custom port I've got set up for the main GUI.
Thank you!
-
@dridhas If you want to lock down a network/VLAN, normally you would allow only what you want.
Here is an example of a locked down network.
So can ping the firewall, great for checking connectivity. So things might ping their gateway in a test of connectivity, etc.
Allow DNS and NTP.
Then block all access to any firewall IP on anything else. Block access to any other RFC 1918 networks via an alias - this blocks access to other networks/VLANs you might have.
Then last rule allows anything else - i.e. internet.
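
Added example, not part of any post in this thread: a small first-match rule evaluator showing why a block to "This Firewall" placed above the allow-all rule also stops DNS, and how the rule orders suggested in the replies behave. The addresses, the port 443 GUI, the NTP destination and the assumption that IoT clients use the firewall's interface address as their DNS server are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions): IoT VLAN 192.168.24.0/24, home VLAN 192.168.1.0/24.
TARGETS = {
    "any":         ["0.0.0.0/0"],
    "self":        ["192.168.24.1/32", "192.168.1.1/32"],  # "This Firewall": every interface IP
    "iot_address": ["192.168.24.1/32"],                    # the IoT interface address only
    "home_net":    ["192.168.1.0/24"],
    "rfc1918":     ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
}

def evaluate(rules, proto, dst, port=None):
    """Return the action of the first matching rule, top to bottom; no match means block."""
    for action, protos, target, ports in rules:
        if protos is not None and proto not in protos:
            continue
        if ports is not None and port not in ports:
            continue
        if any(ip_address(dst) in ip_network(n) for n in TARGETS[target]):
            return action
    return "block"

# Rule tuple: (action, protocols or None for any, destination, ports or None for any)
ORIGINAL = [  # reconstructed from the first post's description, not from its screenshot
    ("block", None, "home_net", None),
    ("block", None, "self", None),      # also drops DNS queries sent to the firewall
    ("pass",  None, "any", None),
]
# First reply: an allow rule for DNS above the block, destination = interface address.
DNS_ALLOWED = [("pass", ("tcp", "udp"), "iot_address", (53,))] + ORIGINAL
# Last reply: allow only what is wanted, block the firewall and RFC 1918, then allow the rest.
LOCKED_DOWN = [
    ("pass",  ("icmp",), "iot_address", None),
    ("pass",  ("tcp", "udp"), "iot_address", (53,)),
    ("pass",  ("udp",), "iot_address", (123,)),
    ("block", None, "self", None),
    ("block", None, "rfc1918", None),
    ("pass",  None, "any", None),
]

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("dns allowed", DNS_ALLOWED),
                        ("locked down", LOCKED_DOWN)]:
        print(name,
              "| DNS to firewall:", evaluate(rules, "udp", "192.168.24.1", 53),
              "| GUI on firewall:", evaluate(rules, "tcp", "192.168.24.1", 443),
              "| internet:", evaluate(rules, "tcp", "203.0.113.10", 443))
```

With the original order, traffic to an internet IP still passes while the DNS query to the firewall is blocked, which matches the symptom of names such as google.com not loading.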