CP and LAN accessible once authenticated
There's something wrong with my setup: once users are authenticated via the CP listening on the GUESTS interface, they can access resources on the LAN side.
I have 3 NICs (LAN, GUESTS, WAN); on the GUESTS side I have the attached rules.
No rules on LAN except default anti-lockout rule.
On a remote machine on the LAN subnet I can see traffic from the pfSense LAN address instead of the GUESTS clients' IP addresses, so any firewall rule I apply to the GUESTS subnet is ignored and traffic is not being blocked.
Is this expected?
Edit: I'm on 2.0RC3
Do you have any NAT rules on the GUEST or LAN interface?
I have a single TCP port forward from WAN to a GUESTS host, but no NAT rules on LAN/GUESTS, and AON (Automatic Outbound NAT) is active.
Well, I have transparent proxy enabled too, to log and report CP traffic.
If I turn it off I can no longer access LAN devices, so it's because of it.
Is there a rule to avoid this? Or maybe I should post this question to a more appropriate section?
Yeah, it's not for CP.
Though you can stop this through floating rules with direction out and source pfSense itself.
Or on the proxy just block the LAN sites.
Or even use "Bypass proxy for these destination IPs" and block the whole LAN subnet via normal firewall rules.
Thanks for the support.