Rules for multi lans with different subnets[SOLVED]

pcbosrders · Aug 4, 2011, 2:34 PM

changed subnet on wifi to 192.168.6.1 amd set dhcp 192.168.6.50 - 75
net book connects and get ip can't ping any other interface and can't get web
can ping interface ip of 192.168.6.1 but thats it. so dchp is working but nothing else
same rules apply

wifi

WIFI net * * * * none allow clients on AP to access clietns on lan and wan
ICMP * * WIFI net * * none allow ping firewall pfsense_AP

pcbosrders · Aug 4, 2011, 2:51 PM

ok lan to the wan is working can get internet services going to reconfigure mail server to use pfsense
but still can't get wifi to get out to internet
going to set the other interfaces up and see
thanks for the help seem to be going in the right direction

Metu69salemi · Aug 4, 2011, 3:38 PM

Can you do tracert from wifi clients to see where it's halting?

One place worth to look at is Firewall:NAT and edit there manual outbound nat in use. You should see there automatic rule for lan net, you can add all others there too.

pcbosrders · Aug 4, 2011, 3:50 PM

ok found the problem had the gateway for the wifi set wrong fixed and working
got 4 interfaces working out of 5 got some quirks to iron out but i think i got this figured out (as usual making it more complicated than needed)
got another problem trying to get my other opt(subnet172) to go to wan and not any other interface
rule for subnet172

SUBNET172 net * WAN address * * none allow 172 to www

should i change wan address wan subnet or?
trying to prevent subnet172 access to other interfaces except wan
once again thanks getting closer to my goal ;D ;D

Metu69salemi · Aug 4, 2011, 3:54 PM

Easier way: create alias localnets. add every single localnet on that

then create two rules:

block any wifi localnets
pass any wifi *

that should do it

pcbosrders · Aug 4, 2011, 4:12 PM

@Metu69salemi:

Easier way: create alias localnets. add every single localnet on that

then create two rules:

block any wifi localnets

pass any wifi *

that should do it

i have 5 interfaces
wan
lan
opt1subnet172
opt2kidsSubnet
opt3wifi

dont understand what you mean
i want to block another opt(subnet172) not wifi to all interfaces but wan
so if i read what you are showing create a alias and add all subnets include subnet172 and change wifi to subnet172 and this should work

pcbosrders · Aug 4, 2011, 4:30 PM

think i got this do i put the rules under opt(subnet172) or under wan
i think this should go under subnet172
just making sure thanks!!!

Metu69salemi · Aug 4, 2011, 5:03 PM

Yes but it only to that interface subnet172

In pfsense rules are working on ingress. That means, if you add rule to LAN, it doesn't affect to subnet172

pcbosrders · Aug 5, 2011, 1:36 AM

everything seems to work just got some fine tuning
and setting some filtering for parent control
thanks for the help!!!!

Metu69salemi · Aug 5, 2011, 5:51 AM

no problems