    Wireless Internet access does not work

    Firewalling
      MisterE last edited by

      Wifi computers may only connect to the internet and not access LAN (or any other future DMZ).

      normal lan: 192.168.1.x
      wifi 192.168.3.x

      I created the following rules:
      Firewall: NAT: Outbound
      WAN    192.168.3.0/24  *  *  *  *  *  NO

      Firewall: Rules: Wireless tab
      *  WIRELESS net  *  WAN net  *  *  none

      If I change the rule like this, then it works (as shown in the m0n0wall handbook):
      *  WIRELESS net  *  ! LAN net  *  *  none

      But I don't like this system. A firewall should block everything unless I make a rule. This rule only blocks the access to 1 subnet. If I later add another DMZ I have to create a rule, otherwise the wifi systems can connect to this DMZ.
      So, the question is: can I allow access with only "allow" rules?

        Metu69salemi last edited by

        The firewall does block everything by default, but if you have a rule "pass any" then it's going to pass any.
        You can create a rule "pass !lan net".

        Try that if that is any better

          MisterE last edited by

          @Metu69salemi:

          The firewall does block everything by default, but if you have a rule "pass any" then it's going to pass any.
          You can create a rule "pass !lan net".

          Try that if that is any better

          The point is that I want a rule that wifi may connect to the internet (and only the internet). So I want to create it like this:
          *  WIRELESS net  *  WAN net  *  *  none

          I don't like the idea of a rule saying: "the wifi can connect to everything, except the LAN network". This will immediately cause a security breach when I add a new network subnet later.

            Metu69salemi last edited by

            You can also use an alias like "local nets".
            Then when you add new interfaces etc. you add that network to "local nets", so by using a pass !"local nets" rule you can do what you desire.

            But how this notation works is out of my hands.

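The three rule shapes discussed in this thread (pass to "WAN net", pass to "!LAN net", and pass to a negated "local nets" alias) behave differently once a new subnet appears. In pfSense the "WAN net" macro expands only to the subnet directly attached to the WAN interface, not to the whole internet, which is why the first rule passes nothing useful. The script below is an added example, not code from the thread or from pfSense: it is a minimal first-match model of interface rules with an implicit default deny, run against constructed addresses (the WAN subnet, a public host and a "future DMZ" are assumed values chosen for illustration) to show which destinations each policy reaches.

```python
# Added example (not from the forum thread or pfSense): a tiny first-match
# model of interface rules, used to compare the three approaches discussed.
import ipaddress
from dataclasses import dataclass

IPNetwork = ipaddress.IPv4Network


@dataclass
class Rule:
    action: str          # "pass" or "block"
    dst: list            # list of IPv4Network; several entries model an alias
    negate: bool = False  # the "!" (NOT) checkbox on the destination field

    def matches(self, ip: ipaddress.IPv4Address) -> bool:
        in_dst = any(ip in net for net in self.dst)
        return (not in_dst) if self.negate else in_dst


def evaluate(rules, dst_ip):
    """First matching rule wins; no match falls through to the default deny."""
    ip = ipaddress.IPv4Address(dst_ip)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return "block"


# Interface macros and aliases (constructed values mirroring the thread)
LAN_NET = IPNetwork("192.168.1.0/24")
WIRELESS_NET = IPNetwork("192.168.3.0/24")
WAN_NET = IPNetwork("203.0.113.0/24")      # assumed ISP-facing subnet (TEST-NET-3)
FUTURE_DMZ = IPNetwork("192.168.2.0/24")   # a DMZ added later, the case the OP worries about

# 1) "pass * WIRELESS net * WAN net": WAN net is only the WAN interface's own subnet
policy_wan_net = [Rule("pass", [WAN_NET])]
# 2) "pass * WIRELESS net * !LAN net": everything except the LAN subnet
policy_not_lan = [Rule("pass", [LAN_NET], negate=True)]
# 3) alias "local nets" kept current as interfaces are added, then pass !"local nets"
local_nets = [LAN_NET, WIRELESS_NET, FUTURE_DMZ]
policy_not_local = [Rule("pass", local_nets, negate=True)]

# Constructed destinations to probe each policy with
DESTINATIONS = {
    "internet host": "198.51.100.7",    # constructed public address (TEST-NET-2)
    "LAN host": "192.168.1.10",
    "future DMZ host": "192.168.2.10",
}


def outcome_table(policy):
    """Map each named destination to the action the policy yields for it."""
    return {name: evaluate(policy, ip) for name, ip in DESTINATIONS.items()}


if __name__ == "__main__":
    for label, pol in [("pass to WAN net", policy_wan_net),
                       ("pass to !LAN net", policy_not_lan),
                       ("pass to !local nets", policy_not_local)]:
        print(f"{label}: {outcome_table(pol)}")
```

Running it shows the "WAN net" rule blocking the internet host (nothing matches, so the default deny applies), the "!LAN net" rule passing the future DMZ host, and the alias-based rule passing only the internet host. The alias approach still relies on the administrator adding every new subnet to the alias; the positive-only rule the OP asked for is not expressible with interface macros because "the internet" is not a fixed set of networks.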