Setup of diffrent LAN

micro80

Hello!

I need help to configure the firewall rule.

I have three LAN interfaces.

Interfaces:
LAN
DMZ (OPT1)
Guest (OPT2)

I want to block connection from
Guest to DMZ & LAN
DMZ to Guest.

All of interfaces have web access.
LAN is only the interface that can connect to Guest & DMZ.

How can I do this?

Guest nettwork:
Function:  Prot: Source:      Port:  Destination:  Port: Gateway:
Block        *    Guest net      *      LAN net          *      *
Block        *    Guest net      *      DMZ net        *      *
Pass          *    Guest net      *      WAN net        *    *

DMZ nettwork:
Function:  Prot:  Source:      Port:  Destination:    Port: Gateway:
Pass          Both  Wan Net      21    172.16.10.2    21
Block        *        DMZ net      *      WAN net          *      *

I need some advice

GruensFroeschli

Rules are applied inbound on an interface.
So a rule with as source "Wan Net" on the DMZ interface will do absolutely nothing.
Also Destination: "Wan Net" means exactly that: The destination has to be in the subnet of the WAN.
–> This is not the internet.

pfSense per default blocks everything.
So instead of blocking everything before the allow rule, you can do it reverse.

Also you can make everything a lot easier with aliases:
http://forum.pfsense.org/index.php/topic,14989.0.html