Netgate Discussion Forum

    Setup of different LAN

      micro80

      Hello!

      I need help to configure the firewall rule.

      I have three LAN interfaces.

      Interfaces:
      LAN
      DMZ (OPT1)
      Guest (OPT2)

      I want to block connection from
      Guest to DMZ & LAN
      DMZ to Guest.

      All of the interfaces have web access.
      LAN is the only interface that can connect to Guest & DMZ.

      How can I do this?

      Guest network:
      Function:  Prot:  Source:    Port:  Destination:  Port:  Gateway:
      Block      *      Guest net  *      LAN net       *      *
      Block      *      Guest net  *      DMZ net       *      *
      Pass       *      Guest net  *      WAN net       *      *

      DMZ network:
      Function:  Prot:  Source:   Port:  Destination:  Port:  Gateway:
      Pass       Both   Wan Net   21     172.16.10.2   21
      Block      *      DMZ net   *      WAN net       *      *

      I need some advice.

        GruensFroeschli

        Rules are applied inbound on an interface.
        So a rule with "Wan Net" as source on the DMZ interface will do absolutely nothing.
        Also, Destination: "Wan Net" means exactly that: the destination has to be in the subnet of the WAN.
        -> This is not the internet.

        pfSense by default blocks everything.
        So instead of blocking everything before the allow rule, you can do it in reverse.

        Also you can make everything a lot easier with aliases:
        http://forum.pfsense.org/index.php/topic,14989.0.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
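
The points made in the reply above (rules are checked against traffic entering an interface, "WAN net" is only the WAN subnet, and anything unmatched is blocked), as an added example that is not part of the original posts and is not pfSense code. It is a small first-match simulation of the posted Guest and DMZ tabs; all subnets except the 172.16.10.2 host are constructed, ports are ignored, and the `GUEST_FIXED` rule set is an assumed correction, not one given in the thread.

```python
import ipaddress

# Constructed addressing; only 172.16.10.2 appears in the thread.
NETS = {
    "LAN net": "192.168.1.0/24",
    "DMZ net": "172.16.10.0/24",
    "DMZ host": "172.16.10.2/32",
    "Guest net": "192.168.30.0/24",
    "WAN net": "203.0.113.0/29",  # the WAN interface's own subnet, nothing more
    "*": "0.0.0.0/0",
}

def matches(name, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(NETS[name])

def evaluate(rules, src, dst):
    """Rules of one interface tab, checked top-down against traffic entering it."""
    for action, rule_src, rule_dst in rules:
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action  # first match wins
    return "block"  # nothing matched: default deny

# Guest tab as posted in the question (protocol and ports are all "*").
GUEST_AS_POSTED = [
    ("block", "Guest net", "LAN net"),
    ("block", "Guest net", "DMZ net"),
    ("pass", "Guest net", "WAN net"),
]
# Assumed correction: keep both blocks, pass to any destination instead.
GUEST_FIXED = GUEST_AS_POSTED[:2] + [("pass", "Guest net", "*")]

# DMZ tab as posted (port 21 omitted). Traffic entering on DMZ never has a
# WAN source, so the first rule cannot match anything.
DMZ_AS_POSTED = [
    ("pass", "WAN net", "DMZ host"),
    ("block", "DMZ net", "WAN net"),
]

TARGETS = {"lan": "192.168.1.10", "dmz": "172.16.10.2",
           "wan_subnet": "203.0.113.2", "internet": "198.51.100.7"}

def report(rules, src):
    return {label: evaluate(rules, src, ip) for label, ip in TARGETS.items()}

if __name__ == "__main__":
    print("guest posted:", report(GUEST_AS_POSTED, "192.168.30.50"))
    print("guest fixed: ", report(GUEST_FIXED, "192.168.30.50"))
    print("dmz posted:  ", report(DMZ_AS_POSTED, "172.16.10.2"))
```

With the posted Guest rules only the WAN subnet is reachable and the internet falls through to the default block; the posted DMZ tab blocks every destination tested.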

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.