WLAN interface unable to access internet

yea

Hi,

I have a 5100 pfsense appliance. I recently broke my config, so am having to learn it all again.

I have a WAN, LAN and WLAN interface. LAN has static IPs. WLAN a few static but a small range of DHCP.

I need the WLAN interface to be able to:

• Access the internet.

• Be able to access a specific host IP and port on the WLAN network

• and nothing else.

My priority atm is to get my WLAN accessing the internet, but if you can help with the other query, fantastic.

Many thanks

SteveITS

@yea Only LAN has rules by default so you need to create rules on WLAN. Something like

Allow to This Firewall 53/tcp+udp
Block to This firewall
Block to LAN
Allow to any

From LAN to WLAN would be a rule on LAN.

yea

@steveits Thank you SteveITS I'll give it a go! :)

yea

Hi Steve this appears to work, but how can I block WLAN access to my firewall GUI please?

If I just block to this firewall it overrides the DNS allow.

Many thanks

viragomann

@yea
You have to put the rules into the correct order. The allow DNS rule has to be the first one in the rule set.
You can move the rules around by dragging them, then hit the save button at the bottom followed by the Apply button at the top. The save button is for the rule order.

yea

@viragomann

I have

block bogons

Allow IPV4+6 TCP/UDP WLAN net * This Firewall 53 * none
Allow IPV4+6 TCP/UDP WLAN net * This Firewall 853 * none
Block IPV4+6 TCP/UDP WLAN net * This Firewall * none
Block IPV4+6 TCP/UDP WLAN net * LAN Net * none

The block to the firewall causes DNS to be blocked. Any ideas?

viragomann

@yea
That's pretty strange, since DNS should be allowed by the upper rule.
Enable logging in the rule, then check the firewall log to see, which ports / protocols are blocked.

yea

@viragomann

It's been some time since I messed with pfsense but I thought a block over rule any allows.

SteveITS

@yea Rules are processed in order, top down.