Setup of different LAN



  • Hello!

    I need help to configure the firewall rule.

    I have three LAN interfaces.

    Interfaces:
    LAN
    DMZ (OPT1)
    Guest (OPT2)

    I want to block connection from
    Guest to DMZ & LAN
    DMZ to Guest.

    All of interfaces have web access.
    LAN is only the interface that can connect to Guest & DMZ.

    How can I do this?

    Guest network:
    Function:  Prot:  Source:     Port:  Destination:  Port:  Gateway:
    Block      *      Guest net   *      LAN net       *      *
    Block      *      Guest net   *      DMZ net       *      *
    Pass       *      Guest net   *      WAN net       *      *

    DMZ network:
    Function:  Prot:  Source:     Port:  Destination:   Port:  Gateway:
    Pass       Both   Wan Net     21     172.16.10.2    21
    Block      *      DMZ net     *      WAN net        *      *

    I need some advice



  • Rules are applied inbound on an interface.
    So a rule with "Wan Net" as source on the DMZ interface will do absolutely nothing.
    Also Destination: "Wan Net" means exactly that: the destination has to be in the subnet of the WAN.
    –> This is not the internet.

    pfSense blocks everything by default.
    So instead of blocking everything before the allow rule, you can do it reverse.

    Also you can make everything a lot easier with aliases:
    http://forum.pfsense.org/index.php/topic,14989.0.html
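    To make the two points in the reply concrete (rules match inbound on their interface, "WAN net" is the WAN subnet rather than the internet, and the default policy is deny), here is a small first-match evaluator, added as an example and not from pfSense or either poster. The subnets and the alias name "LocalNets" are assumed for illustration; only 172.16.10.2 comes from the thread, and ports are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example subnets (the thread only names the nets, plus 172.16.10.2).
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ net": ipaddress.ip_network("172.16.10.0/24"),
    "Guest net": ipaddress.ip_network("192.168.50.0/24"),
    "WAN net": ipaddress.ip_network("203.0.113.0/24"),  # the WAN subnet, not the internet
}
# Hypothetical alias grouping all internal subnets, as the reply suggests.
ALIASES = {"LocalNets": ["LAN net", "DMZ net", "Guest net"]}

@dataclass
class Rule:
    action: str            # "pass" or "block"
    iface: str             # interface the rule sits on; it only sees inbound traffic
    src: str               # "any", a net name or an alias name
    dst: str
    invert_dst: bool = False   # pfSense "not" checkbox on the destination

def _member(ip, name):
    if name == "any":
        return True
    return any(ipaddress.ip_address(ip) in NETS[n] for n in ALIASES.get(name, [name]))

def evaluate(rules, iface, src_ip, dst_ip):
    """First matching rule on the ingress interface wins; no match means block."""
    for r in rules:
        if r.iface != iface or not _member(src_ip, r.src):
            continue
        if _member(dst_ip, r.dst) == r.invert_dst:   # destination test, XOR "not"
            continue
        return r.action
    return "block"   # pfSense default deny

# The poster's rules (ports ignored): Guest may only reach "WAN net", and the
# DMZ pass rule has a source address that can never enter on the DMZ interface.
ORIGINAL = [
    Rule("block", "Guest", "Guest net", "LAN net"),
    Rule("block", "Guest", "Guest net", "DMZ net"),
    Rule("pass", "Guest", "Guest net", "WAN net"),
    Rule("pass", "DMZ", "WAN net", "DMZ net"),
]
# Reversed form: one pass rule per interface with destination "not LocalNets".
REVERSED = [
    Rule("pass", "Guest", "Guest net", "LocalNets", invert_dst=True),
    Rule("pass", "DMZ", "DMZ net", "LocalNets", invert_dst=True),
    Rule("pass", "LAN", "LAN net", "any"),
]
```

    With the inverted rule, Guest and DMZ hosts reach the internet but nothing internal, and LAN reaches everything. If the firewall itself serves DNS on Guest or DMZ, a pass rule to its own interface address is still needed ahead of the inverted rule, since that address is inside the excluded alias.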

