pfSense with multiple nets/NICs
-
Hi,
I've set up a pfSense firewall with multiple NICs and I've some basic questions about standard blocking:
WAN IP: 80.80.80.80 (DHCP in a corporate LAN)
LAN: 192.168.1.1
nic2: 192.168.2.1
nic3: 192.168.3.1
A rule for LAN is set that outbound (anywhere, any port) is allowed. So I can reach the Internet and so on via WAN.
But in my opinion I should not be able to reach the 192.168.2.0 or .3.0 net before I put in rules for that. Even an FTP access from 192.168.3.3 to 192.168.4.4 works… But I think it shouldn't work by default: everything that isn't explicitly passed is blocked by default.
Can somebody help me ;-)
Is there a difference between the LAN interface and OPT interfaces?
What is best practice to shut down my OPT networks from LAN and WAN?
Regards
Tom
-
See the DMZ example here
http://doc.m0n0.ch/handbook/examples.html
-
Hi, thanks for your reply
So every OPT interface is handled as a DMZ?
I'd like to have the OPT interfaces as additional LAN interfaces and separate all interfaces, including LAN, from each other… I will do some more reading ;-)
Regards
Tom
-
It's me again.
Perhaps I've misunderstood something:
On my OPT1 interface (192.168.2.1) no rule is set. So everything should be blocked.
On the LAN interface (192.168.1.1) all outbound is allowed.
So in my opinion I should not be able to access 192.168.2.2 from a 192.168.1.x address, but I can do so. Why?
-
Correct. Not even Internet access should be possible.
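As an added illustration that is not part of this thread: a hand-written pf ruleset approximating what pfSense generates for the four interfaces described above, first with the LAN "allow any" rule exactly as the question describes it (which is why a LAN host can reach 192.168.2.2 even though OPT1 has no rules), then with the block rules that isolate the networks from each other. The interface names em0 through em3 are assumed; pfSense builds the real ruleset from the GUI, so this is only an approximation of it.

```pf
# Added example, not from the thread. Assumed interface mapping:
# em0 = WAN, em1 = LAN, em2 = OPT1, em3 = OPT2.
lan_net  = "192.168.1.0/24"
opt1_net = "192.168.2.0/24"
opt2_net = "192.168.3.0/24"

# Default deny: anything not matched by a later pass rule is dropped.
# OPT1 has no rules, so nothing can be *initiated* from OPT1 hosts.
block in log all

# --- LAN rule as described in the question ---------------------------
# Rules are evaluated on the interface where a packet ENTERS the firewall.
# A packet from 192.168.1.x to 192.168.2.2 enters on em1, so this rule
# passes it and creates state; OPT1's empty ruleset is never consulted
# for that flow. (Commented out here in favour of the corrected rules.)
# pass in quick on em1 from $lan_net to any keep state

# --- Corrected: isolate LAN from the OPT networks ----------------------
# With "quick", first match wins, so the block rules must come first.
block in quick on em1 from $lan_net to { $opt1_net, $opt2_net }
pass  in quick on em1 from $lan_net to any keep state

# Same pattern on OPT1 and OPT2: Internet access, but no access to the
# other internal networks.
block in quick on em2 from $opt1_net to { $lan_net, $opt2_net }
pass  in quick on em2 from $opt1_net to any keep state
block in quick on em3 from $opt2_net to { $lan_net, $opt1_net }
pass  in quick on em3 from $opt2_net to any keep state
```

Return traffic for each allowed flow is handled by the state created on the pass rule, so no matching rule is needed on the destination interface.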