1 WAN -2 separate Lan w/ internet access - opt 3 with server



  • Ok, I have been messing with the settings forever.  Finally I will ask for directions.

    After establishing all NIC addresses, i.e. wan …. lan 1 .... lan 2 ... opt 3 (which is reserved for network connection to server)

    I have not for the life of me been able to create the proper rules to allow internet access to lan 2.

    I am looking for somewhat of a layman's "firewall rules" example of how to properly set this up... my lan 1 will have internet access, however, to only one computer.  The others on the lan will just file share between one another (lan 1/machine 2 to lan 1/machine 3).  lan2 to an entirely separate net just for internet browsing, and live access on a 360.  opt 3 will be a homebrew server that will file share only to lan 1, as well as serve some other purpose.

    I apologize for such a noob question, but I have only recently had my eyes opened to the wondrous world of pfsense... what an amazing thing I have never known.

    P.S.  root your android phones ... they are collecting all of your information without your knowledge and/or approval and uploading it to whoever the frick wants it - gotta love the goog.



  • Go to Firewall ->  NAT.

    Switch to manual outbound NAT.

    You'll see a "Default Allow rule for LAN".

    Click the "+" sign to duplicate this rule.

    Change the subnet to your LAN2 subnet.

    Save.

    Then head to Firewall -> Rules
    Click on LAN2 tab.
    Add a new 'Allow' rule with Source = LAN2 subnet.  Destination as any.  Save this rule to allow LAN2 to reach any destination.

    Apply the rules and wait for filter reload.  That should enable LAN2 to obtain internet access as well.

    For OPT3 tab to serve LAN1, you need to create an Allow rule with destination as LAN1 subnet in order to allow the server to serve to LAN1.  Do note that broadcasts are not transmitted over so you have to log in via the server address from LAN1.  The auto discovery features will not work.



  • @dreamslacker:

    Go to Firewall ->  NAT.

    Switch to manual outbound NAT.

    You'll see a "Default Allow rule for LAN".

    Click the "+" sign to duplicate this rule.

    Change the subnet to your LAN2 subnet.

    Save.

    Then head to Firewall -> Rules
    Click on LAN2 tab.
    Add a new 'Allow' rule with Source = LAN2 subnet.  Destination as any.  Save this rule to allow LAN2 to reach any destination.

    Apply the rules and wait for filter reload.  That should enable LAN2 to obtain internet access as well.

    For OPT3 tab to serve LAN1, you need to create an Allow rule with destination as LAN1 subnet in order to allow the server to serve to LAN1.  Do note that broadcasts are not transmitted over so you have to log in via the server address from LAN1.  The auto discovery features will not work.

    I just registered to ask this same question!  Thanks Dreamslacker.

    I figured this out on my own a couple days ago but I have one huge problem with this.  The lan* subnet to any rule allows lan* access to all networks.  Is this really the recommended way to configure internet access?  Why can't I just do a lan* to Wan subnet rule?  Lan* to Wan didn't work for me but I was hoping there was a setting I mis-configured.

    I ended up creating an alias for all networks except WAN, then I created a block rule that sits above the LAN* to any rule but below specifically defined rules to other networks.  It works but it just doesn't seem like the correct way to configure internet access for a network.  Is this all correct?

    (BTW - this is not a thread jack as it directly relates to the original post)
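
The rule ordering described in the post above, as an added example that is not part of the original thread: a small first-match evaluator (pfSense walks each interface tab top-down and the first matching rule decides) comparing "LAN2 subnet to any" alone against the same tab with a block-to-alias rule above it. The subnets, host addresses and the LAN1-to-server rule are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing: the thread never states the real subnets.
NETS = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.2.0/24"),
    "OPT3": ipaddress.ip_network("192.168.3.0/24"),
}
ANY = [ipaddress.ip_network("0.0.0.0/0")]

def other_local_nets(own):
    """The alias from the post: every local network except the interface's own."""
    return [net for name, net in NETS.items() if name != own]

def evaluate(rules, src, dst):
    """Walk one interface tab top-down; first match wins, no match is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_nets in rules:
        if src in src_net and any(dst in net for net in dst_nets):
            return action
    return "block"

# LAN2 tab with only the "LAN2 subnet -> any" rule.
LAN2_OPEN = [("pass", NETS["LAN2"], ANY)]

# LAN2 tab with the block-to-alias rule placed above the allow-any rule.
LAN2_ISOLATED = [
    ("block", NETS["LAN2"], other_local_nets("LAN2")),
    ("pass", NETS["LAN2"], ANY),
]

# LAN1 tab: specific rule to the server first, then the block, then allow-any.
LAN1_TAB = [
    ("pass", NETS["LAN1"], [NETS["OPT3"]]),
    ("block", NETS["LAN1"], other_local_nets("LAN1")),
    ("pass", NETS["LAN1"], ANY),
]

# Constructed destinations; 203.0.113.7 is a documentation address.
# Same-subnet traffic never crosses the firewall, so ignore those verdicts.
TARGETS = {"server": "192.168.3.10", "lan1_pc": "192.168.1.20",
           "lan2_pc": "192.168.2.50", "internet": "203.0.113.7"}

def verdicts(rules, src):
    """Map each sample destination to the verdict for traffic from src."""
    return {name: evaluate(rules, src, ip) for name, ip in TARGETS.items()}

if __name__ == "__main__":
    print("LAN2 open    ", verdicts(LAN2_OPEN, "192.168.2.50"))
    print("LAN2 isolated", verdicts(LAN2_ISOLATED, "192.168.2.50"))
    print("LAN1         ", verdicts(LAN1_TAB, "192.168.1.20"))
```

Swapping the first two entries of `LAN1_TAB` makes the block rule match before the specific allow, so the server becomes unreachable from LAN1.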



  • Thank you… I will try and return with my result...  I appreciate the time you took from your life to answer my silly question.

