Problem To Configure Network



  • My Network Setup

    Internet -------- 192.168.6.1 (GW for WAN) ----- 192.168.6.11 (server, Attendance System)
    |
    192.168.6.18 (WAN Interface)
            pfSense
    192.10.99.18 (LAN Interface)
    |
    192.10.99.25 (User A) -------------------- 192.10.99.35 (User B)

    1. From 192.168.6.1 I can go to the Internet.
    2. I want to configure:
      a. User A can go to the Internet
      b. User B can access the server Attendance System but cannot access the Internet
    3. DNS server for the Internet



  • This is really a Firewalling question, not a NAT question. But anyway…
    Unless I'm missing something, it seems pretty basic. Just configure firewall rules on the LAN interface: allow source 192.10.99.35 destination 192.168.6.11, then deny source 192.10.99.35 destination any. User A should be fine with the default rules. Just make sure you order them correctly: allow B, deny B, default allow.
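    The rule ordering described in the reply above, shown as an added first-match simulation (not pfSense code or anything from the original thread): LAN rules are evaluated top-down and the first match wins, so swapping the default allow above the B-specific rules silently lets User B out. The Internet address 203.0.113.10 is a constructed stand-in for any public host.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hosts from the thread's diagram, plus a constructed public address
# (203.0.113.10, documentation range) standing in for "the Internet".
USER_A = "192.10.99.25"
USER_B = "192.10.99.35"
ATTENDANCE = "192.168.6.11"
INTERNET = "203.0.113.10"


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: str     # source network in CIDR notation
    dst: str     # destination network in CIDR notation


def evaluate(rules, src, dst):
    """First-match evaluation, as pfSense does for rules on an interface.

    Rules are checked top-down; the first rule whose source and destination
    both match decides the packet. If nothing matches, the implicit default
    is to block.
    """
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in ip_network(rule.src) and d in ip_network(rule.dst):
            return rule.action
    return "block"


# The order recommended above: allow B to the server, deny B to anything
# else, then the default "LAN net to any" allow for everyone else.
CORRECT_ORDER = [
    Rule("pass", "192.10.99.35/32", "192.168.6.11/32"),
    Rule("block", "192.10.99.35/32", "0.0.0.0/0"),
    Rule("pass", "192.10.99.0/24", "0.0.0.0/0"),
]

# Same three rules with the default allow moved to the top: B matches it
# first and the deny below it is never reached.
WRONG_ORDER = [CORRECT_ORDER[2], CORRECT_ORDER[0], CORRECT_ORDER[1]]


def check_policy(rules):
    """Return the verdict for the three flows the thread cares about."""
    return {
        "A_internet": evaluate(rules, USER_A, INTERNET),
        "B_server": evaluate(rules, USER_B, ATTENDANCE),
        "B_internet": evaluate(rules, USER_B, INTERNET),
    }
```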



  • Thanks, Mr DotDash, for that answer.

    Actually, this is the actual network diagram. First of all, I already made the firewall rules like you said, but the problem is that users A and B cannot use http://eattendance.company.com in their browser because of DNS. Some of my friends said it is because of NAT, which is why I posted it here. How do I make users A and B able to browse http://eattendance.company.com without typing an IP? If I use the IP, it works. I cannot change the configuration inside the gateway; the only idea is to NAT, but as a newbie I don't know how to do it in pfSense. Please help me.



  • If you are running the default setup on pfSense, it will be running NAT between LAN and WAN. In that case, all the DNS queries would be coming from 192.168.6.18. User A should be working, but user B would need an additional rule to allow DNS traffic from 172.16.1.20. But that configuration would mean running double NAT, which can have issues. If you are not running NAT on your firewall, the router at 192.168.6.1 would need a route to 192.10.99.0/24 via 192.168.6.18.
    BTW, the 192.10.99.0/24 network is not a bogon/reserved network. It's a public range registered to Symbolics, Inc. You should really be using another reserved network like 192.168.99.0/24. Unless you work for Symbolics.



  • I have the same config as you ...
    LAN in class C
    WAN in class C ...

    I have NATed some ports, but users in the WAN can't access "WAN IP:port".
    You must uncheck this:

    Block private networks
    When set, this option blocks traffic from IP addresses that are reserved for private
    networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
    (127/8). You should generally leave this option turned on, unless your WAN network
    lies in such a private address space, too.



  • Thanks everyone, solved it. Like dotdash said, it all NATs automatically; only I made a careless mistake.
    shreckbull, thanks for the info.

