4. Controlling outgoing interfaces

Controlling outgoing interfaces

  • A

    Hi all,

    I'm trying to set up some rules for my DMZ and am having a bit of trouble getting it to work.

    The pfSense box I'm configuring has 3 interfaces - DMZ, LAN and WAN.  How do I configure a rule so that DMZ hosts can ping the internet, but not ping any host attached to the LAN?

    Please note that my LAN interface has several subnets behind it, so I can't just block LAN subnet.

    Also in a similar vain, how would I go about allowing anyone connected to the LAN interface access to port 80 on the internet (WAN interface), but not port 80 on any hosts connected to the DMZ interface?

    I really appreciate the help everyone, thank you :)

    0
  • P

    Well most create an alias with all your subjects subnets and set up a rule to block it. You can also setup an alias with all private nets (10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/16) and block that. These block rule go above any allow rules you are using as default. If you want access to some of those resources then add pass rules above the blocks. Unles you have reflection on LAN will always try to go to the Internet unless it can route locally.

    0
  • A

    That makes sense, thank you for your reply :)

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy