4. Controlling outgoing interfaces

Controlling outgoing interfaces

  • A

    Hi all,

    I'm trying to set up some rules for my DMZ and am having a bit of trouble getting it to work.

    The pfSense box I'm configuring has 3 interfaces - DMZ, LAN and WAN.  How do I configure a rule so that DMZ hosts can ping the internet, but not ping any host attached to the LAN?

    Please note that my LAN interface has several subnets behind it, so I can't just block LAN subnet.

    Also in a similar vain, how would I go about allowing anyone connected to the LAN interface access to port 80 on the internet (WAN interface), but not port 80 on any hosts connected to the DMZ interface?

    I really appreciate the help everyone, thank you :)

    0
  • P

    Well most create an alias with all your subjects subnets and set up a rule to block it. You can also setup an alias with all private nets (10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/16) and block that. These block rule go above any allow rules you are using as default. If you want access to some of those resources then add pass rules above the blocks. Unles you have reflection on LAN will always try to go to the Internet unless it can route locally.

    0
  • A

    That makes sense, thank you for your reply :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy