Rules Clarification



  • Hi All
    I'm just trying to clarify something. Say my pfsense firewall has two interfaces: public address is 1.2.3.4 and private address is 192.168.1.1.
    When I am creating a firewall rule, an option under source is lan address. Does lan address mean the interface address 192.168.1.1, or does it mean an address, say 192.168.1.50, connected to the lan interface?


  • Rebel Alliance

    In your case LAN address = 192.168.1.1

    For 192.168.1.50 it must be "LAN Subnet" (if you have a /24).

    Maybe if you explain what you are trying to do (some screenshot of the rules tab), it is easier to help / answer your question.

    Also, you can take a look at the docs: http://doc.pfsense.org/index.php/Main_Page



  • Sure, I have a non-standard setup. I'm trying to replace sonicwall with pfsense :D (Some of my friends would be upset) but I do believe pfsense is more powerful. Please look at my little layout below.
    65.x.x.x  pfsense 10.20.20.2/30 ===> 10.20.20.1/30 (Router) 192.168.1.1/24 ====> users
              (WAN)    (LAN)

    I'm trying to access the pfsense webconfigurator, which has 10.20.20.2 as its lan address, from 192.168.1.50/24 (users) and cannot. I figured the anti-lockout rule would take care of this since that allows traffic from anywhere on ports 22, 80 and 443 to "lan address". I can ping 10.20.20.2 (pfsense) from 192.168.1.50. I can ping 192.168.1.50 from the pfsense box but I just cannot access the webconfigurator. I'm stumped.



  • All is good, I got it working. Thanks anyway.

