pfSense Router, but still want to limit access like ACL

  • I want to use a pfSense box as a router. I am handed off a usable IP subnet of 63.xx.55.xx/24, but my router needs 63.xx.12.xx/30 for its assigned IP. It all works fine and I can use all of my public IPs if I turn off packet filtering. Easy solution, except I would really like to, at a minimum, be able to lock down access to the box by certain IPs. So I don't need any NAT or redirecting. Is there an easy way to do this?

  • Still nothing? I'm thinking there has to be a way to make this work, anyone….

    • Reenable the packet filter.
    • Enable "manual outbound rule generation" (Firewall --> NAT --> Outbound)
    • Delete/Create outbound NAT rules according to your needs.
      --> Removing all outbound NAT rules will give you a purely routed setup with firewall capability.

  • Thank you for the reply. I have packet filtering enabled, the Webconfig anti-lockout rule off, and outbound NAT configured like you said. And I have it working as expected.

  • I did notice one problem with using the pfSense box as a router as described above. It does route traffic as expected, and I can have my 1 or 2 rules to restrict access to the box except from my network, but apparently this breaks PPTP connections. I have and will have other firewalls behind this pfSense router, and currently I am running another pfSense box behind it for my private network. I will have another for a DMZ network, and then I have other customers that will be behind it with their own firewalls. Kind of a bad thing if they won't be able to have VPNs. Haven't tried FTP'ing yet to see if it will have a problem. I'm a little confused as to why it would have these problems, since NAT is essentially off.

