Strange things with rules and gateway solved

  • Hi, I'm new to firewalls and pfSense.
    The project I'm attempting is to replace 2 routers with pfSense and to create a parental filter by IP on the kids' machines.

    Setup currently working, but with limited settings:
    Internet (wifi) -> DDrt-Linksys -> subnet (A): web server, FTP & mail
                              VLANned port 4 of the Linksys to WAN of another router: subnet (B)
    with virus scan and DansGuardian running off of subnet A

    So far I've got pfSense loaded and configured with WAN, LAN and OPT1 (wireless AP).

    The pfSense box can ping subnets A and B and WAN.
    OPT1 and LAN can talk (created a bridge between LAN and OPT1).

    WAN IP 169.254.100 wangw
    LAN IP: this I have set on my machines as their gateway
    OPT1 IP
    VLAN 10 IP on the WAN interface

    Here is the weird part:
    No NAT: port forward, 1:1 and outbound are all blank.

    Floating: no rules
    WAN: no rules
    LAN: default anti-lockout

    Action: pass
    Interface: LAN
    Protocol: any
    Source: LAN subnet
    Destination: any

    Action: pass
    Interface: OPT1
    Protocol: any
    Source: any
    Destination: any
    Gateway: wangw

    Those are the settings.
    The problem is that OPT1 over wireless gets to the outside (internet) as long as the gateway is set to wangw;
                 LAN cannot see out unless I change the gateway to wangw. If I remove the gateway from either interface,
                 that interface can't get out.

    Also, my IP from the ISP is a little different due to the wireless setup they have:
    my IP is static;
    my ISP gateway is this, set to the wangw
    (which took a while to figure out; it is in the bogon list).
    Also, if I go to a "what is my IP" web site I get a different IP.

    Do I have to manually set the gateway on each interface? I thought the default gateway was the WAN interface gateway.

    All of my servers and subnets work with the old setup.
    Just trying to move to pfSense for more control so I can create another VLAN
    and subnet that too for the kids and run filtering.
    Trying to figure this out, getting real confused.
    I also understand that I have to port forward all required server ports; that shouldn't be a problem, I hope.
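As an added example that is not part of the original post: a small Python check of whether a WAN address or its upstream gateway sits inside a bogon range (the situation the poster hit with the ISP gateway) and whether the gateway even lies in the WAN subnet, so an admin knows before turning on "Block bogon networks" on WAN. The addresses below are constructed, and the bogon subset is the well-known special-purpose ranges, not pfSense's own downloaded list.

```python
import ipaddress

# Well-known IPv4 special-purpose ranges that appear in typical bogon lists.
# Constructed subset for illustration, not the list pfSense fetches.
BOGON_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def matching_bogon(addr):
    """Return the bogon network containing addr as a string, or None."""
    ip = ipaddress.ip_address(addr)
    for net in BOGON_NETWORKS:
        if ip in net:
            return str(net)
    return None


def audit_wan(wan_cidr, gateway):
    """Findings to review before enabling a bogon block on the WAN interface.

    wan_cidr: the WAN address with prefix length, e.g. "203.0.113.10/24"
    gateway:  the upstream (ISP) gateway address
    """
    iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    findings = []
    for label, ip in (("WAN address", iface.ip), ("WAN gateway", gw)):
        net = matching_bogon(str(ip))
        if net:
            findings.append(f"{label} {ip} is inside bogon range {net}; "
                            "a bogon block on WAN will drop this traffic")
    # A gateway outside the interface subnet is not directly reachable.
    if gw not in iface.network:
        findings.append(f"gateway {gw} is not inside WAN subnet {iface.network}; "
                        "it needs an interface route or the WAN mask is wrong")
    return findings


if __name__ == "__main__":
    # Constructed sample resembling a link-local WAN, not the poster's addresses.
    for finding in audit_wan("169.254.100.2/24", "169.254.100.1"):
        print("-", finding)
```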
