Pfsense 2 rc2 allow ping opt1 to opt2
-
Good morning, I have a server configured with pfSense 2.0 RC2.
It has 4 network adapters:
1 - WAN (Internet)
2 - LAN (Local Area Network) 192.168.0.1
3 - OPT1 (Multimedialna_PBP) 10.0.0.1
4 - OPT2 (wifi) 192.168.11.1
Now LAN, OPT1 and OPT2 can ping every subnet. Example:
C:>ping 192.168.11.1
Badanie 192.168.11.1 z użyciem 32 bajtów danych:
Odpowiedź z 192.168.11.1: bajtów=32 czas<1 ms TTL=64
Statystyka badania ping dla 192.168.11.1:
Pakiety: Wysłane = 1, Odebrane = 1, Utracone = 0 (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 0 ms, Maksimum = 0 ms, Czas średni = 0 ms
I don't know why! I can ping from OPT1 to OPT2 and back.
I think these rules do not permit ping from OPT1 to OPT2 and back.
Ports OPT1 and OPT2 are not on the same LAN and bridging is not enabled.
Sorry for my english
-
Are you looking to block access of ping or allow?
-
I want every packet blocked between subnets OPT1 and OPT2. Subnets OPT1 and OPT2 permit internet access only.
It's strange because on pfSense 1.2.3 it's working.
-
At the moment your firewall rules are allowing traffic of any protocol to any destination. That includes ICMP to other local subnets.
You need to alter them to allow only traffic you want.
Steve
-
Ok, but
examples for wifi rules:
The second rule blocks all packets.
The first allows only packets outgoing from OPT2 (wifi).
So I think the rules block packets incoming from OPT1 (Multimedialna_pbp), because a packet from source 10.0.0.1 fits the rule created at OPT2 (the rule blocking everything).
I can create a rule at OPT1 (10.0.0.0) blocking packets destined to OPT2 (192.168.11.0) and it works for me (ping from OPT1 to OPT2 is not allowed),
but I think it is worse because when I have many subnets, I will have to create many rules blocking the other subnets.
I don't know why the second rule at OPT2 (block everything) does not block incoming/outgoing packets on interface OPT2.
-
How do I create a rule allowing only the public internet, for example for OPT2 and OPT1?
-
Here is what I have done for internet access only:
I created an alias for all my local subnets called LOCAL. For me that is 192.168.0.0/16, but you can add whatever subnets you have.
Then I create a firewall rule to allow any traffic that has destination NOT LOCAL. I also add a rule to allow access to port 53 on the adapter address so that DNS forwarding still works.
Steve
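As an added illustration (not from the thread or from pfSense itself), here is a small Python first-match evaluator for pfSense-style interface rules. It assumes the three subnets from the first post and a LOCAL alias that lists all of them (not only 192.168.0.0/16, which would miss OPT1's 10.0.0.0/24). pfSense applies an interface's rules to traffic entering the firewall on that interface, so OPT2's rules only ever see packets sourced on OPT2.

```python
import ipaddress

# Subnets from the thread. The LOCAL alias follows Steve's approach but lists the
# actual local networks so that OPT1 (10.0.0.0/24) is covered as well.
LAN, OPT1, OPT2 = (ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "10.0.0.0/24", "192.168.11.0/24"))
LOCAL = [LAN, OPT1, OPT2]
OPT2_ADDR = ipaddress.ip_address("192.168.11.1")  # "OPT2 address" in the GUI

def rule(action, proto, src, dst, *, dst_not=False, port=None):
    """One rule. dst may be 'any', a network, an address or an alias (list of networks)."""
    return dict(action=action, proto=proto, src=src, dst=dst, dst_not=dst_not, port=port)

def _dst_hit(dst_spec, ip):
    if dst_spec == "any":
        return True
    specs = dst_spec if isinstance(dst_spec, list) else [dst_spec]
    return any(ip == s if isinstance(s, ipaddress.IPv4Address) else ip in s for s in specs)

def evaluate(rules, pkt):
    """First-match evaluation of one interface's rules; no match means block (default deny)."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for r in rules:
        if r["proto"] not in ("any", pkt["proto"]):
            continue
        if r["src"] != "any" and src not in r["src"]:
            continue
        if _dst_hit(r["dst"], dst) == r["dst_not"]:  # the "not" checkbox inverts the match
            continue
        if r["port"] is not None and pkt.get("dport") != r["port"]:
            continue
        return r["action"]
    return "block"

# The poster's OPT2 rules: pass anything sourced from the wifi subnet, then block all.
ORIGINAL_OPT2 = [rule("pass", "any", OPT2, "any"), rule("block", "any", "any", "any")]
# Steve's variant: DNS to the interface address, then pass only to destinations NOT in LOCAL.
FIXED_OPT2 = [rule("pass", "udp", OPT2, OPT2_ADDR, port=53),
              rule("pass", "any", OPT2, LOCAL, dst_not=True)]

# Constructed sample traffic entering the firewall on OPT2 (198.51.100.10 is TEST-NET-2).
PING_OPT1 = {"proto": "icmp", "src": "192.168.11.50", "dst": "10.0.0.1"}
WEB = {"proto": "tcp", "src": "192.168.11.50", "dst": "198.51.100.10", "dport": 443}
DNS = {"proto": "udp", "src": "192.168.11.50", "dst": "192.168.11.1", "dport": 53}

if __name__ == "__main__":
    for name, pkt in (("ping OPT1", PING_OPT1), ("web", WEB), ("dns", DNS)):
        print(f"{name:10} original={evaluate(ORIGINAL_OPT2, pkt):5} fixed={evaluate(FIXED_OPT2, pkt)}")
```

The "ping OPT1" packet passes under the original rules and is blocked under the fixed ones, while web and DNS traffic pass in both; a ping from OPT1 towards OPT2 would be judged by OPT1's rule list, never by OPT2's.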
-
Same problem…
Maximally insecure: if I forget to add a network to the excluded destination networks, traffic runs through :-(
-
The default behavior of LAN is to allow all traffic to any destination. This allows for ease of setup for a simple WAN/LAN install.
The default behavior of any additional interfaces is to block everything. If you add interfaces you must configure your firewall rules to suit your network.
Steve
-
Ok, it is fine if you have one LAN,
but with multiple LANs I find this setup not very good :-(
because after adding a new network it is necessary to remember to add it to the aliases and create a new rule to block traffic between LANs.