Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New NIC - Now can't access cable modem GUI

    General pfSense Questions
    7
    45
    3.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      It's not needed since traffic to private IPs leaving WAN is not normally an issue. But in that scenario if a client on LAN tries to ping, for example, 10.100.0.1 that traffic will be passed and routed out of the WAN to the WAN gateway.

      tinfoilmattT 1 Reply Last reply Reply Quote 0
      • tinfoilmattT
        tinfoilmatt @stephenw10
        last edited by

        @stephenw10 said in New NIC - Now can't access cable modem GUI:

        in that scenario if a client on LAN tries to ping, for example, 10.100.0.1 that traffic will be passed and routed out of the WAN to the WAN gateway.

        if both the 'default deny' rule and the pass rule are configured with protocol 'any' (which i failed to consider in the details of my hypothetical)—that's true!

        if, however, the 'default deny' rule is configured with protocol 'any' and the pass rule is configured only for protocol TCP/UDP, then that's not true.

        regardless, i maintain my position that all of this is more succintly maintained on a per-interface basis.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          I don't have a block outbound rule like that because I don't think it's necessary. But in more complex environments if you really don't want any traffic to private IPs leaving WAN it's the easiest way to ensure that. Maintaining all the rules on each interface if you're adding/removing subnets becomes significant work and open to error.

          tinfoilmattT 1 Reply Last reply Reply Quote 0
          • tinfoilmattT
            tinfoilmatt @stephenw10
            last edited by

            @stephenw10 said in New NIC - Now can't access cable modem GUI:

            But in more complex environments if you really don't want any traffic to private IPs leaving WAN it's the easiest way to ensure that.

            i suppose i could agree with that (sledgehammer-nail approach notwithstanding).

            @stephenw10 said in New NIC - Now can't access cable modem GUI:

            Maintaining all the rules on each interface if you're adding/removing subnets becomes significant work and open to error.

            i also agree with that. friendly reminder to audit your rules regularly, folks!

            i should also mention my view is likely skewed by using pfSense purely for edge routing and firewalling—only a /30 'transit' subnet configured on the LAN side connected directly to core router.

            appreciate the spirited discussion on this (and with you too, @johnpoz).

            A 1 Reply Last reply Reply Quote 1
            • A
              alhaunts @tinfoilmatt
              last edited by

              On a hunch, I swapped the modem for one of the same model from my ISP. Problem is solved & I have GUI access once again. Chalking it up to coincidence with the modem failing at the same time NIC was replaced.

              Thanks to everyone for your assistance.

              1 Reply Last reply Reply Quote 2
              • First post
                Last post