what's the difference "VLAN1 subnet" to "192.168.1.0/24"
-
@Gummi said in what's the difference "VLAN1 subnet" to "192.168.1.0/24":
It seems to me as if I had to add both rules...
No, you don't, unless you did something wrong.
-
@Gummi If you decide to change the IP address of VLAN 1 to 192.168.2.0/24 from 192.168.1.0/24, you wouldn't need to change any firewall rules that listed VLAN1 subnet.
IMO use XXXXX subnet in your firewall rules whenever you can.
-
I would go with you ...
But after I added a rule with "VLAN1 subnet", in the logs I found a "failed" entry which I had to copy to the rules; then it passed.
Comparing the two rules (including "Display Advanced") the only difference I could find was the source...
Where could the problem be?
Mutzli
-
@Gummi paste in a screenshot of your rule.
-
@Gummi as mentioned, it's best to use the alias for your networks, because if at some point they change, your rules would still be valid.
You should be able to view what those networks are in the table section.
Only wan and lan will have names on them - the others will just list the actual OPTX network, not what name you put on them.
But it's quite possible, depending on the rule you were actually trying to create, that something was not right. Also keep in mind that if you put in a block rule and there was an existing state, the state would allow the traffic until the state has gone away, either due to timeout or because you removed it.
What exactly failed when you tried to add the rule?
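To make the "VLAN1 subnet" vs. "192.168.1.0/24" point from the two replies above concrete, here is an added example (not code from the thread or from pfSense) that models a first-match rule list with an implicit default deny. The "<interface> subnet" source is resolved against an interface table at evaluation time, which is why a rule written with the alias keeps matching after the interface is renumbered while a literal CIDR does not. The interface names, subnets, port 137 and the sample source addresses are constructed for the demo.

```python
"""Added example, not from the forum thread or pfSense: a tiny first-match
rule evaluator showing when an '<IF> subnet' alias and a literal CIDR source
behave identically, and when they diverge. All interfaces, subnets and
sample packets below are constructed for the demonstration."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Constructed interface table; the alias "<name> subnet" resolves against it.
INTERFACES: dict[str, IPv4Network] = {
    "VLAN1": IPv4Network("192.168.1.0/24"),
    "VLAN10": IPv4Network("192.168.10.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    source: str                  # "<IF> subnet" alias or a literal CIDR
    dst_port: int | None = None  # None matches any destination port


def resolve_source(source: str, interfaces: dict[str, IPv4Network]) -> IPv4Network:
    """Turn a rule source into a network. An '<IF> subnet' alias is looked up
    in the interface table, so it follows a renumbering; a literal CIDR is fixed."""
    if source.endswith(" subnet"):
        ifname = source[: -len(" subnet")]
        if ifname not in interfaces:
            raise KeyError(f"unknown interface alias: {source}")
        return interfaces[ifname]
    return IPv4Network(source)


def first_match(rules: list[Rule], src: str, dst_port: int,
                interfaces: dict[str, IPv4Network] = INTERFACES) -> str:
    """First matching rule wins; no match means the implicit default deny."""
    src_ip = IPv4Address(src)
    for rule in rules:
        if src_ip not in resolve_source(rule.source, interfaces):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "block"


def demo() -> dict[str, str]:
    """Evaluate the same packet against an alias rule and a literal rule
    under three interface configurations."""
    alias_rule = [Rule("pass", "VLAN1 subnet", 137)]
    literal_rule = [Rule("pass", "192.168.1.0/24", 137)]
    results: dict[str, str] = {}

    # 1. Interface still has 192.168.1.0/24: alias and literal are equivalent.
    results["alias_same"] = first_match(alias_rule, "192.168.1.20", 137)
    results["literal_same"] = first_match(literal_rule, "192.168.1.20", 137)

    # 2. VLAN1 renumbered to 192.168.2.0/24: only the alias rule still passes.
    renumbered = {**INTERFACES, "VLAN1": IPv4Network("192.168.2.0/24")}
    results["alias_renumbered"] = first_match(alias_rule, "192.168.2.20", 137, renumbered)
    results["literal_renumbered"] = first_match(literal_rule, "192.168.2.20", 137, renumbered)

    # 3. The mix-up from the thread: the rule says 192.168.1.0/24 but the host
    #    actually lives in 192.168.10.0/24, so the literal rule never matches.
    results["literal_wrong_subnet"] = first_match(literal_rule, "192.168.10.20", 137)
    results["alias_vlan10"] = first_match([Rule("pass", "VLAN10 subnet", 137)],
                                          "192.168.10.20", 137)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

Case 3 is what the thread's screenshot turned out to show: a literal source of 192.168.1.0/24 cannot match hosts in 192.168.10.0/24, so the packet falls through to the default deny and shows up as blocked in the log, whereas the interface alias resolves to the subnet the interface really has.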
-
The only difference is the source. Now I try to figure out if there is a difference between VLAN1 and the subnet 192.168.1.0/24...
Gummi
-
Just realised that the subnet 192.168.1.0 and 192.168.10.0 don't match.
But KAILON is VLAN10 and the subnet is 192.168.10.0, which is correct.
I wanted to hide the real numbers. ;)
Gummi
-
@Gummi what is in broadcast_kailon? Broadcasts would not be passed by pfSense anyway, so not sure what you're wanting to allow there, regardless of the source.
What are you wanting to allow? 137 netbios-ns is a broadcast protocol. You're not going to get any sort of name resolution across subnets with that.
-
@johnpoz
Since I'm new to firewalls, I wanted in the first run to enable all traffic.
Afterwards disable them one by one to see what is really needed.
-
@Gummi again, broadcast traffic isn't going to pass your router. You're not going to get name resolution via that across subnets.
What rules you put on pfsense isn't going to matter.