Netgate Discussion Forum

    Controlling outgoing interfaces

    Firewalling
    • Averenix

      Hi all,

      I'm trying to set up some rules for my DMZ and am having a bit of trouble getting it to work.

      The pfSense box I'm configuring has 3 interfaces - DMZ, LAN and WAN.  How do I configure a rule so that DMZ hosts can ping the internet, but not ping any host attached to the LAN?

      Please note that my LAN interface has several subnets behind it, so I can't just block LAN subnet.

      Also in a similar vein, how would I go about allowing anyone connected to the LAN interface access to port 80 on the internet (WAN interface), but not port 80 on any hosts connected to the DMZ interface?

      I really appreciate the help everyone, thank you :)

      • podilarius

        Well, most create an alias with all your subjects subnets and set up a rule to block it. You can also set up an alias with all private nets (10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/16) and block that. These block rules go above any allow rules you are using as default. If you want access to some of those resources, then add pass rules above the blocks. Unless you have reflection on LAN will always try to go to the Internet unless it can route locally.

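The ordering described in the reply above, as an added example that is not part of the original thread: a small first-match evaluator for rules on an interface tab, with the alias set to the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). The DMZ subnet 192.168.50.0/24, the host addresses and the rule lists are constructed for illustration, and the model assumes per-interface rules where the first match wins and unmatched traffic is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Alias of RFC 1918 private ranges; the 172.16 block is a /12.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ALIASES = {"private_nets": [ipaddress.ip_network(n) for n in RFC1918]}

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "icmp", "tcp" or "any"
    dst: str                    # "any", an alias name, or a CIDR
    port: Optional[int] = None  # destination port, None = any

    def matches(self, proto, dst_ip, port):
        if self.proto not in ("any", proto):
            return False
        if self.port is not None and self.port != port:
            return False
        if self.dst == "any":
            return True
        nets = ALIASES.get(self.dst) or [ipaddress.ip_network(self.dst)]
        return any(ipaddress.ip_address(dst_ip) in n for n in nets)

def evaluate(rules, proto, dst_ip, port=None):
    """First matching rule wins; no match falls to the default deny."""
    for rule in rules:
        if rule.matches(proto, dst_ip, port):
            return rule.action
    return "block"

# DMZ tab: block everything private first, then allow ping to anywhere.
DMZ_RULES = [
    Rule("block", "any", "private_nets"),
    Rule("pass", "icmp", "any"),
]
# Same rules reversed: the pass now shadows the block.
DMZ_RULES_MISORDERED = list(reversed(DMZ_RULES))

# LAN tab: an exception for one DMZ host (constructed) sits above the
# block on the DMZ subnet, which sits above the general port 80 pass.
LAN_RULES = [
    Rule("pass", "tcp", "192.168.50.10/32", 443),
    Rule("block", "any", "192.168.50.0/24"),
    Rule("pass", "tcp", "any", 80),
]
```

With the rules reversed, a ping from the DMZ to 10.20.30.40 is passed, which is why the block has to sit above the allow.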
        • Averenix

          That makes sense, thank you for your reply :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.