Pfsense with multiple nets/nics
I've set up a pfSense fw with multiple NICs and I have some basic questions about standard blocking:
WAN IP : 22.214.171.124 (DHCP in a Corporate lan)
A rule for LAN is set so that outbound (anywhere, any port) is allowed. So I can reach the internet and so on via WAN.
But in my opinion I should not be able to reach the 192.168.2.0 or .3.0 net before I put in rules for that.
Even FTP access from 192.168.3.3 to 192.168.4.4 works… But I think it shouldn't work by default: everything that isn't explicitly passed is blocked by default.
Can somebody help me? ;-)
Is there a difference between the LAN interface and opt interfaces?
What is best practice to shutdown my opt-networks from LAN and WAN?
See the DMZ example here
Hi, thanks for your reply
So every opt interface is handled as a DMZ?
I'd like to have the opt interfaces as additional LAN interfaces and separate all interfaces, including LAN, from each other…
I will do some more reading ;-)
It's me again.
Perhaps I've misunderstood something:
In my Opt1 Interface (192.168.2.1) no rule is set. So everything should be blocked.
On LAN Interface (192.168.1.1) all outbound is allowed.
So in my opinion I should not be able to access 192.168.2.2 from a 192.168.1.x address, but I can do so. Why?
Correct. Not even Internet access should be possible.
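
Added example, not part of any post in this thread: a simplified Python model of how pfSense evaluates interface rules (only on the interface where a new connection enters, first match wins, no match means block), applied to the LAN/OPT1 setup described above. The /24 netmasks, the host addresses 192.168.1.10 and 203.0.113.5, and all function and variable names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Simplified model: rules are checked only on the interface where a NEW
# connection enters the firewall; first match wins; no match means block.
# Reply traffic of an already passed connection (state table) is not modeled.
# /24 netmasks are an assumption; the thread only gives host addresses.
NETS = {"LAN": ip_network("192.168.1.0/24"),
        "OPT1": ip_network("192.168.2.0/24")}
ANY = "0.0.0.0/0"

def ingress_interface(src):
    """Return the interface whose subnet contains the source address."""
    for name, net in NETS.items():
        if ip_address(src) in net:
            return name
    return "WAN"

def evaluate(rules, src, dst):
    """Return 'pass' or 'block' for a new connection from src to dst."""
    for action, dst_net in rules.get(ingress_interface(src), []):
        if ip_address(dst) in ip_network(dst_net):
            return action
    return "block"  # implicit default deny

# Rule set as described in the thread: LAN allows anything, OPT1 has no rules.
as_posted = {"LAN": [("pass", ANY)], "OPT1": []}
# Isolated variant: a block rule for the OPT1 net sits above the allow-all.
isolated = {"LAN": [("block", "192.168.2.0/24"), ("pass", ANY)], "OPT1": []}

# Constructed sample flows: (source, destination)
FLOWS = [("192.168.1.10", "192.168.2.2"),   # LAN  -> OPT1
         ("192.168.1.10", "203.0.113.5"),   # LAN  -> internet
         ("192.168.2.2", "192.168.1.10"),   # OPT1 -> LAN
         ("192.168.2.2", "203.0.113.5")]    # OPT1 -> internet

if __name__ == "__main__":
    for label, rules in (("as posted", as_posted), ("isolated", isolated)):
        print(label)
        for src, dst in FLOWS:
            print(f"  {src} -> {dst}: {evaluate(rules, src, dst)}")
```

In this model the "allow any" rule on LAN also matches destinations in the OPT1 net, while the empty OPT1 rule list only blocks connections that originate on OPT1.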