Issues Blocking Access to Management Pages via pfSense VLAN
-
Hello everyone,
I'm seeking some assistance with access control in my networking setup, which involves Proxmox hosting a pfSense virtual machine (VM). Here's a breakdown of my configuration and the challenges I'm encountering:
Setup:
- Proxmox installed on a computer, hosting pfSense as a VM.
- pfSense VM equipped with two network interfaces: Ethernet port 1 and Ethernet port 2.
- Ethernet port 1 connected to my ISP router.
- Ethernet port 2 connected to my laptop.
- Proxmox server IP: 192.168.0.100
- pfSense WAN IP: 192.168.0.101
- pfSense LAN IP: 10.100.20.1
- Created a VLAN within pfSense.
Issues:
- Successfully blocked a device from accessing the pfSense management page at 10.100.10.1.
- Unable to block access from a device with IP 192.168.0.100 to the pfSense management page.
- Also unable to block access to the ISP router admin page.
Any advice or insights on resolving these access control issues would be greatly appreciated. Thank you for your time and assistance!
-
@charleso .10.1 is the VLAN?
You probably want to use the This Firewall alias which covers all pfSense IPs.
On VLAN interface something like:
Allow from VLAN network to This Firewall:53 for DNS
Reject from VLAN network to This Firewall ports 22/80/443
Reject from VLAN network to ISP router, ports 80/443
Reject from VLAN network to LAN network
Allow from VLAN network to any (Internet)
-
Thank you for your assistance in resolving my issue. After spending a night looking into it, I noticed that the problem was because the traffic was not being routed through the VLAN as intended, but rather through my local network. I apologise for any inconvenience caused by this oversight. I've now managed to block access to both the router administrative page and the Proxmox page by rejecting traffic from the VLAN network to their respective addresses.
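
Added example, not part of the thread: a small first-match evaluator for the rule order suggested in the reply, showing why the Proxmox page stays reachable from the VLAN until a reject rule for it is placed above the final allow. The /24 masks, the ISP router at 192.168.0.1, the client 10.100.10.50 and port 8006 for the Proxmox web UI are assumptions; the other addresses come from the posts.

```python
import ipaddress

# Addresses from the thread: 10.100.10.1, 10.100.20.1, 192.168.0.100, 192.168.0.101.
# Assumed for this sketch: /24 masks and the ISP router at 192.168.0.1.
VLAN_NET = ipaddress.ip_network("10.100.10.0/24")
LAN_NET = "10.100.20.0/24"
THIS_FIREWALL = ["10.100.10.1/32", "10.100.20.1/32", "192.168.0.101/32"]
ISP_ROUTER = ["192.168.0.1/32"]  # assumed address
PROXMOX = ["192.168.0.100/32"]
ANY = ["0.0.0.0/0"]

# Rules on the VLAN interface, top-down, all with source "VLAN network".
# Tuple: (action, destination networks, destination ports or None for any).
# Protocol (TCP/UDP) is ignored to keep the model small.
SUGGESTED = [
    ("pass", THIS_FIREWALL, {53}),
    ("reject", THIS_FIREWALL, {22, 80, 443}),
    ("reject", ISP_ROUTER, {80, 443}),
    ("reject", [LAN_NET], None),
    ("pass", ANY, None),
]

# The extra rule described in the last post, placed above the final allow.
WITH_PROXMOX = SUGGESTED[:4] + [("reject", PROXMOX, None)] + SUGGESTED[4:]


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule for a packet.

    Packets whose source is outside the VLAN network never reach these
    rules, so they are reported as "not-evaluated": a client that gets to
    the target over another path is unaffected by the VLAN ruleset.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if src_ip not in VLAN_NET:
        return "not-evaluated"
    for action, nets, ports in rules:
        in_dst = any(dst_ip in ipaddress.ip_network(n) for n in nets)
        if in_dst and (ports is None or port in ports):
            return action  # first match wins, later rules are not consulted
    return "block"  # implicit default deny when nothing matches


if __name__ == "__main__":
    client = "10.100.10.50"  # assumed VLAN client
    for name, rules in (("suggested", SUGGESTED), ("with Proxmox rule", WITH_PROXMOX)):
        print(name, "-> Proxmox UI:", evaluate(rules, client, "192.168.0.100", 8006))
    print("non-VLAN source:", evaluate(SUGGESTED, "192.168.0.100", "192.168.0.101", 443))
```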