Pfsense with multiple nets/nics

  • Hi,

    I've set up a pfSense fw with multiple NICs and I have some basic questions about standard blocking:

    WAN IP : (DHCP in a Corporate lan)

    A rule for LAN is set, that outbound (anywhere, any port) is allowed. So I can reach internet and so on via WAN.
    But in my opinion I should not be able to reach the or .3.0 NET before I put in rules for that.

    Even an FTP access from to works… But I think it shouldn't work as default: Everything that isn't explicitly passed is blocked by default.

    Can somebody help me? ;-)
    Is there a difference between the LAN interface and opt interfaces?

    What is best practice to shutdown my opt-networks from LAN and WAN?


  • Hi, thanks for your reply

    So every opt interface is handled as DMZ?
    I'd like to have the opt interfaces as additional LAN interfaces and separate all interfaces including LAN from each other…

    I will do some more reading ;-)


  • It's me again

    Perhaps I've misunderstood something:

    In my Opt1 Interface ( no rule is set. So everything should be blocked.

    On LAN Interface ( all outbound is allowed.

    So in my opinion I should not be able to access from a 192.168.1.x address but I can do so. Why?

  • Correct. Not even Internet access should be possible.