    Pfsense with multiple nets/nics

    • icnivad

      Hi,

      I've set up a pfSense fw with multiple NICs and I have some basic questions about standard blocking:

      WAN IP : 80.80.80.80 (DHCP in a Corporate lan)
      LAN: 192.168.1.1
      nic2: 192.168.2.1
      nic3: 192.168.3.1

      A rule for LAN is set, that outbound (anywhere, any port) is allowed. So I can reach the Internet and so on via WAN.
      But in my opinion I should not be able to reach the 192.168.2.0 or .3.0 net before I put in rules for that.

      Even FTP access from 192.168.3.3 to 192.168.4.4 works… But I think it shouldn't work by default: everything that isn't explicitly passed is blocked by default.

      Can somebody help me ;-)
      Is there a difference between the LAN interface and opt interfaces?

      What is the best practice to shut off my opt networks from LAN and WAN?

      Regards
      Tom

      • Perry

        See the DMZ example here
        http://doc.m0n0.ch/handbook/examples.html

        /Perry
        doc.pfsense.org

        • icnivad

          Hi, thanks for your reply.

          So every opt interface is handled as a DMZ?
          I'd like to have the opt interfaces as additional LAN interfaces and separate all interfaces, including LAN, from each other…

          I will do some more reading ;-)

          Regards
          Tom

          • icnivad

            It's me again.

            Perhaps I've misunderstood something:

            In my Opt1 Interface (192.168.2.1) no rule is set. So everything should be blocked.

            On LAN Interface (192.168.1.1) all outbound is allowed.

            So in my opinion I should not be able to access 192.168.2.2 from a 192.168.1.x address, but I can do so. Why?

            • Perry

              Correct. Not even Internet access should be possible.

              /Perry
              doc.pfsense.org

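The behaviour discussed in this thread, as an added example that is not from any poster or from the pfSense project: a simplified Python model of per-interface, first-match rule evaluation, using the thread's networks. It assumes rules are checked only on the interface where a new connection enters and that replies are passed by state; the host addresses, the `isolated` ruleset and all function names are constructed for illustration.

```python
import ipaddress

# Simplified, constructed model: a new connection is checked only against the
# rules of the interface it ENTERS on, top to bottom, first match wins.
# No match means block (default deny). Replies to a passed connection are
# allowed by state, so the destination interface's rules are not consulted.

def evaluate(rulesets, in_if, src, dst):
    """Return 'pass' or 'block' for a new connection arriving on in_if."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rulesets.get(in_if, []):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"

ANY = "0.0.0.0/0"
LAN_NET, OPT1_NET, OPT2_NET = "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"

# Setup from the thread: LAN allows everything outbound, OPT1/OPT2 have no rules.
as_posted = {
    "LAN": [("pass", LAN_NET, ANY)],
    "OPT1": [],
    "OPT2": [],
}

# Isolated variant (assumption, not from the thread): block rules toward the
# other local nets sit ABOVE the broad pass rule on every interface.
isolated = {
    "LAN": [("block", ANY, OPT1_NET), ("block", ANY, OPT2_NET), ("pass", LAN_NET, ANY)],
    "OPT1": [("block", ANY, LAN_NET), ("block", ANY, OPT2_NET), ("pass", OPT1_NET, ANY)],
    "OPT2": [("block", ANY, LAN_NET), ("block", ANY, OPT1_NET), ("pass", OPT2_NET, ANY)],
}

def report(rulesets):
    """Decisions for the thread's flows plus an Internet destination (constructed hosts)."""
    flows = [("LAN", "192.168.1.10", "192.168.2.2"),
             ("OPT1", "192.168.2.2", "192.168.1.10"),
             ("OPT1", "192.168.2.2", "203.0.113.5"),
             ("LAN", "192.168.1.10", "203.0.113.5")]
    return {f: evaluate(rulesets, *f) for f in flows}

if __name__ == "__main__":
    for name, rs in (("as posted", as_posted), ("isolated", isolated)):
        for flow, verdict in report(rs).items():
            print(name, flow, verdict)
```

With the posted setup the LAN "allow any" rule is what passes LAN-to-OPT1 traffic, while connections initiated from OPT1 are blocked; the isolated variant blocks both directions and keeps Internet access.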