Problem To Configure Network

  • My Network Setup

    Internet –------ (GW for WAN)----- (server Attendance System)
    | (WAN Interface)
            PfSense (LAN Interface)
    | A) -------------------- (User B)

    1. From can go to internet
    2. I want to configure
       a. User A can go to the internet
       b. User B can access the Attendance System server but cannot access the Internet
    3. DNS Server for the Internet

  • This is really a Firewalling question, not a NAT question. But anyway…
    Unless I'm missing something, it seems pretty basic. Just configure firewall rules on the LAN interface, allow source destination, then deny source destination any. User A should be fine with the default rules. Just make sure you order them correctly: allow B, deny B, default allow.

  • Thanks, Mr DotDash, for that answer.

    Actually, this is the actual network diagram. First of all, I already made the firewall rules like you said, but the problem is that users A and B cannot use in their browser because of DNS. Some of my friends said it is because of NAT, which is why I posted it here. What do I do to make users A and B able to browse without typing an IP? Because if I use an IP, it can browse. And I cannot change the configuration inside the gateway; the only idea is to NAT, but as a newbie I still don't know how to do it in pfSense. Please help me.

  • If you are running the default setup on pfSense, it will be running NAT between LAN and WAN. In that case, all the DNS queries would be coming from User A should be working, but user B would need an additional rule to allow DNS traffic from But that configuration would mean running double NAT, which can have issues. If you are not running NAT on your firewall, the router at would need a route to via
    BTW, the network is not a bogon/reserved network. It's a public range registered to Symbolics, Inc. You should really be using another reserved network like Unless you work for Symbolics.
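
The rule order from the replies above (allow B to the server, allow B's DNS, deny B, default allow), as an added example that is not part of any post: a small first-match evaluator in Python. All addresses, the port 80 service and the rule and flow names are constructed assumptions, since the thread's real addresses are not shown.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "pass" or "block"
    src: str                      # CIDR or "any"
    dst: str                      # CIDR or "any"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port

def _in(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    for r in rules:
        if (_in(src, r.src) and _in(dst, r.dst)
                and r.proto in (None, proto) and r.port in (None, port)):
            return r.action
    return "block"

# Constructed addresses (assumptions, not the thread's real ones).
USER_A, USER_B = "192.168.10.10", "192.168.10.20"
SERVER, DNS, WEB = "192.168.1.50", "192.168.1.1", "203.0.113.80"
B = USER_B + "/32"

ALLOW_B_SERVER = Rule("pass", B, SERVER + "/32")
ALLOW_B_DNS = Rule("pass", B, DNS + "/32", "udp", 53)  # DNS can also use TCP 53
DENY_B_ANY = Rule("block", B, "any")
DEFAULT_ALLOW = Rule("pass", "192.168.10.0/24", "any")

GOOD = [ALLOW_B_SERVER, ALLOW_B_DNS, DENY_B_ANY, DEFAULT_ALLOW]
NO_DNS = [ALLOW_B_SERVER, DENY_B_ANY, DEFAULT_ALLOW]       # B cannot resolve names
MISORDERED = [DEFAULT_ALLOW, ALLOW_B_SERVER, ALLOW_B_DNS, DENY_B_ANY]

def report(rules):
    """Verdict for each constructed flow arriving on the LAN interface."""
    flows = {"A->web": (USER_A, WEB, "tcp", 443),
             "B->web": (USER_B, WEB, "tcp", 443),
             "B->server": (USER_B, SERVER, "tcp", 80),
             "B->dns": (USER_B, DNS, "udp", 53)}
    return {name: evaluate(rules, *f) for name, f in flows.items()}

if __name__ == "__main__":
    for name, rs in (("good", GOOD), ("no_dns", NO_DNS), ("misordered", MISORDERED)):
        print(name, report(rs))
```

With the default allow placed first, the block rule for User B is never reached; without the DNS rule, User B's lookups hit the block rule even though the server rule is correct.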

  • I have the same config as you …
    LAN in class C
    WAN in class C ...

    I have NATed some ports, but users in WAN can't access "wan ip's:port".
    You must uncheck this:

    Block private networks
    When set, this option blocks traffic from IP addresses that are reserved for private
    networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
    (127/8). You should generally leave this option turned on, unless your WAN network
    lies in such a private address space, too.

  • Thanks, everyone, solved it. Like dotdash said, it is all automatically NATed; it was only me making a careless mistake.
    shreckbull, thanks for the info.