4. LAN-side subnets?

LAN-side subnets?

  • D

    I'm putting this here since it's "installation" in the sense that I'm still working on installing it. That and I don't know where else it belongs.

    pfSense's LAN is 10.200.0.0 we'll say. That's an internal subnet for all of our Content Filtration, etc.
    Actual clients reside on 10.100.0.0/16, 10.105.0.0/24, 10.110.0.0/24, 10.115.0.0/24, 10.120.0.0/24, 10.125.0.0/24, 10.130.0.0/24. There's a Cisco router that passes all outbound traffic to the pfSense box.
    (So, 10.100.0.0 -> 10.201.0.0 -> WAN )

    I quickly discovered that pfSense won't forward traffic from 10.100.0.0 automatically, since IT's LAN is on 10.200.0.0. So I created a rule that allowed 10.100.0.0 to WAN. Fine, that worked.

    Is this really the best way to do this? Create an outgoing rule for EACH subnet? What if I need to create a rule to deny something from outgoing? Do I need to create one for each subnet?

    0
  • H

    Create a subnets alias at firewall>aliases likel "localsubs". Add all your local subnets there. Then edit the default lan to any rule at firewall>rules, lan tab. Change source LAN-subnet to "single host or alias " and "localsubs". Now you have a single rule that will allow all your internal subnets out. If you need to block single IPs or ports or destinations add a bloc rule on top of this rule. First match wins. You also can use aliases here for a group of hosts or ports to sum up mulitple rules in one rule.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy