Single Nic + 4 Vlans + ICMP
-
Hi all,
I must be doing something wrong. Recently I changed from Endian FW to pfsense and trying to set it up in a similar fashion without much success.
Setup: See Attachment.
LAN : Private Network address
DMZ : Private Network address
WIRELESS : Private Network addressI would like to isolate my Wireless network so that it can only get to the internet and no other network, but there does not seem to be an option for this? ie WAN_subnet seems to give me the ISP subnet
Say I put in the following rule:
WIRELESS ICMP any WIRELESS_Subnet > any
I am now able to ping to all networks, including my DMZ and Internal.I then try
WIRELESS ICMP any WIRELESS_subnet > WAN_subnet
Now I can only ping my external address.Is there a way to do this or do I really need to configure an alias with Private Networks and deny them in the rule
WIRELESS ICMP any WIRELESS_subnet > !priv_net_aliasEndian had a RED interface that I could just use and it give me all external addresses?
Please help
Cheers
-
create a rule ANY–>ANY but set a fixed gateway(group) at the advanced section of the firewall rule
that way you won't be able to go to the other lan-subnets but still have access to all internet address'.the other option is to create an alias like you suggested
-
Hi Heper,
I tried your suggestion but didn't seem to work. Just to see if I'm right, I created the rule
WIRELESS ICMP any WIRELESS_Subnet > any [Advanced Options] Gateway selected WAN: <isp ip="">instead of default.
Cheers</isp>
-
That should work.
Remember that firewall rules are read from the top down and any match will then stop further matching.Alternatively setup an alias as you suggested, that's what I have done it's not difficult, or add blocking rules above the allow rule to prevent access to your other subnets.
Steve
-
Hi Steve,
Strange that it doesn't work. It's currently the only rule I have under the wireless interface.
Cheers
