Rules for multi lans with different subnets[SOLVED]
-
changed subnet on wifi to 192.168.6.1 amd set dhcp 192.168.6.50 - 75
net book connects and get ip can't ping any other interface and can't get web
can ping interface ip of 192.168.6.1 but thats it. so dchp is working but nothing else
same rules applywifi
- WIFI net * * * * none allow clients on AP to access clietns on lan and wan
ICMP * * WIFI net * * none allow ping firewall pfsense_AP
- WIFI net * * * * none allow clients on AP to access clietns on lan and wan
-
ok lan to the wan is working can get internet services going to reconfigure mail server to use pfsense
but still can't get wifi to get out to internet
going to set the other interfaces up and see
thanks for the help seem to be going in the right direction -
Can you do tracert from wifi clients to see where it's halting?
One place worth to look at is Firewall:NAT and edit there manual outbound nat in use. You should see there automatic rule for lan net, you can add all others there too.
-
ok found the problem had the gateway for the wifi set wrong fixed and working
got 4 interfaces working out of 5 got some quirks to iron out but i think i got this figured out (as usual making it more complicated than needed)
got another problem trying to get my other opt(subnet172) to go to wan and not any other interface
rule for subnet172- SUBNET172 net * WAN address * * none allow 172 to www
should i change wan address wan subnet or?
trying to prevent subnet172 access to other interfaces except wan
once again thanks getting closer to my goal ;D ;D -
Easier way: create alias localnets. add every single localnet on that
then create two rules:
- block any wifi localnets
- pass any wifi *
that should do it
-
Easier way: create alias localnets. add every single localnet on that
then create two rules:
- block any wifi localnets
- pass any wifi *
that should do it
i have 5 interfaces
wan
lan
opt1subnet172
opt2kidsSubnet
opt3wifidont understand what you mean
i want to block another opt(subnet172) not wifi to all interfaces but wan
so if i read what you are showing create a alias and add all subnets include subnet172 and change wifi to subnet172 and this should work -
think i got this do i put the rules under opt(subnet172) or under wan
i think this should go under subnet172
just making sure thanks!!! -
Yes but it only to that interface subnet172
In pfsense rules are working on ingress. That means, if you add rule to LAN, it doesn't affect to subnet172
-
everything seems to work just got some fine tuning
and setting some filtering for parent control
thanks for the help!!!! -
no problems