pfSense with multiple nets/NICs



  • Hi,

    I've set up a pfSense FW with multiple NICs and I have some basic questions about standard blocking:

    WAN IP : 80.80.80.80 (DHCP in a corporate LAN)
    LAN: 192.168.1.1
    nic2: 192.168.2.1
    nic3: 192.168.3.1

    A rule for LAN is set so that outbound (anywhere, any port) is allowed. So I can reach the Internet and so on via WAN.
    But in my opinion I should not be able to reach the 192.168.2.0 or .3.0 net before I put in rules for that.

    Even FTP access from 192.168.3.3 to 192.168.4.4 works… But I think it shouldn't work by default: everything that isn't explicitly passed is blocked by default.

    Can somebody help me ;-)
    Is there a difference between the LAN interface and OPT interfaces?

    What is best practice to shut down my OPT networks from LAN and WAN?

    Regards
    Tom





  • Hi, thanks for your reply

    So every OPT interface is handled as a DMZ?
    I'd like to have the OPT interfaces as additional LAN interfaces and separate all interfaces, including LAN, from each other…

    I will do some more reading ;-)

    Regards
    Tom



  • It's me again

    Perhaps I've misunderstood something:

    In my OPT1 interface (192.168.2.1) no rule is set. So everything should be blocked.

    On the LAN interface (192.168.1.1) all outbound is allowed.

    So in my opinion I should not be able to access 192.168.2.2 from a 192.168.1.x address, but I can do so. Why?



  • Correct. Not even Internet access should be possible.
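The behaviour Tom describes follows from how pfSense applies rules: a packet is checked only against the rule list of the interface it enters on, top to bottom, first match wins, and anything that matches no rule is dropped. A "LAN net to any" pass rule on LAN therefore also passes LAN to OPT1, because the packet enters on LAN and OPT1's (empty) rule list is never consulted. The model below is an added example, not code from the thread or from pfSense; it uses the addresses from Tom's posts and assumes OPT1 = 192.168.2.0/24 and OPT2 = 192.168.3.0/24 from the nic2/nic3 lines. It evaluates Tom's current ruleset next to an isolating one in which a block rule for private networks sits above the pass-any rule.

```python
"""Model of pfSense rule evaluation (added example, not code from the thread).

pfSense checks a packet only against the rule list of the interface the packet
ENTERS on, top to bottom, first match wins (rules are "quick"), and a packet
that matches nothing is dropped: the implicit default deny. The addresses are
the ones from Tom's posts; OPT1 = 192.168.2.0/24 and OPT2 = 192.168.3.0/24 are
assumed from the nic2/nic3 lines.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

ANY = None  # "any" in the pfSense rule editor

# The "private networks" alias commonly created for inter-subnet isolation.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
LAN_NET = [ip_network("192.168.1.0/24")]
LAN_ADDR = [ip_network("192.168.1.1/32")]  # the firewall's own LAN address


@dataclass
class Rule:
    action: str                        # "pass" or "block"
    src: Optional[List[IPv4Network]]   # None means any
    dst: Optional[List[IPv4Network]]   # None means any


def _matches(addr: IPv4Address, nets: Optional[List[IPv4Network]]) -> bool:
    return nets is None or any(addr in n for n in nets)


def evaluate(rules: Dict[str, List[Rule]], ingress: str, src: str, dst: str) -> str:
    """Return the verdict for a new connection entering `ingress` from src to dst.

    Only the ingress interface's rules are consulted; the rules of the interface
    the packet leaves on never see it (replies are matched by state tracking,
    not by rules on the other side).
    """
    s, d = ip_address(src), ip_address(dst)
    for rule in rules.get(ingress, []):
        if _matches(s, rule.src) and _matches(d, rule.dst):
            return rule.action
    return "block"  # implicit default deny on every interface, LAN or OPT


# Tom's ruleset: one "LAN net -> any" pass rule on LAN, nothing on OPT1/OPT2/WAN.
CURRENT = {
    "LAN": [Rule("pass", LAN_NET, ANY)],
    "OPT1": [],
    "OPT2": [],
    "WAN": [],
}

# Isolating ruleset: the block rule must sit ABOVE the pass-any rule, and a pass
# to the firewall's own address has to come first, otherwise LAN clients lose
# the DNS and web GUI the firewall serves on 192.168.1.1 (also an RFC1918 address).
ISOLATED = {
    "LAN": [
        Rule("pass", LAN_NET, LAN_ADDR),     # firewall itself: DNS, GUI, ...
        Rule("block", LAN_NET, RFC1918),     # no LAN -> other local subnets
        Rule("pass", LAN_NET, ANY),          # everything else (Internet)
    ],
    "OPT1": [],
    "OPT2": [],
    "WAN": [],
}


def demo() -> None:
    cases = [
        (CURRENT, "LAN", "192.168.1.50", "192.168.2.2"),    # what Tom sees: pass
        (CURRENT, "OPT1", "192.168.2.2", "192.168.1.50"),   # reverse direction: block
        (CURRENT, "OPT1", "192.168.2.2", "8.8.8.8"),        # OPT1 -> Internet: block
        (CURRENT, "WAN", "203.0.113.5", "192.168.2.2"),     # unsolicited from WAN: block
        (ISOLATED, "LAN", "192.168.1.50", "192.168.2.2"),   # now blocked
        (ISOLATED, "LAN", "192.168.1.50", "8.8.8.8"),       # Internet still passes
        (ISOLATED, "LAN", "192.168.1.50", "192.168.1.1"),   # firewall itself still passes
    ]
    for rules, iface, s, d in cases:
        name = "current" if rules is CURRENT else "isolated"
        print(f"{name:8} {iface:4} {s:>13} -> {d:<13} {evaluate(rules, iface, s, d)}")


if __name__ == "__main__":
    demo()
```

The same ordering applies in the pfSense GUI: create an alias for the private ranges, put a block rule from "LAN net" to that alias above the "Default allow LAN to any" rule, and keep a pass rule to "LAN address" (or "This Firewall") above the block so DNS and the web GUI keep working. OPT interfaces are not treated differently from LAN by the engine; the only difference is that pfSense installs the "Default allow LAN to any" rule on LAN at setup, while OPT interfaces start with no rules and therefore block everything, including Internet access, until a rule is added.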

