Problem To Configure Network
My Network Setup
Internet –------ 192.168.6.1 (GW for WAN)----- 192.168.6.11 (server Attendance System)
192.168.6.18 (WAN Interface)
126.96.36.199 (LAN Interface)
188.8.131.52(User A) -------------------- 184.108.40.206 (User B)
1.From 192.168.6.1 can go to internet
2.I want to config
a. User A can go to internet
b. User B can access server Attendance System but cannot access Internet
3.DNS Server for the Internet
dotdash last edited by
This is really a Firewalling question, not a NAT question. But anyway…
Unless I'm missing something, it seems pretty basic. Just configure firewall rules on the LAN interface, allow source 220.127.116.11 destination 192.168.6.11, then deny source 18.104.22.168 destination any. User A should be fine with the default rules. Just make sure you order them correctly- allow B, deny B, default allow.
Thank Mr DotDash for that answer.
Actually this is the actual network diagram. First at all is i already make the firewall rules like you said but the problem is from user A n B,they cannot use http://eattendance.company.com in their browser because of DNS. Some of my friend said it because NAT , that why i post it here. How do i do to make user A and B can browse http://eattendance.company.com without typing an ip , because if i use ip it can browse. and i cannot change the configuration inside the gateway, the only ideas is to NAT, but still as a newbie i dont know how to do it in PfSense.Plz help Me
dotdash last edited by
If you are running the default setup on pfSense, it will be running NAT between LAN and WAN. In that case, all the DNS queries would be coming from 192.168.6.18. User A should be working, but user B would need an additional rule to allow DNS traffic from 172.16.1.20. But that configuration would mean running double-nat, which can have issues. If you are not running NAT on your firewall, The router at 192.168.6.1 would need a route to 22.214.171.124/24 via 192.168.6.18.
BTW, the 126.96.36.199/24 network is not a bogon/reserved network. It's a public range registered to Symbolics, Inc. You should really be using another reserved network like 192.168.99.0/24. Unless you work for Symbolics.
i have the same config as you …
LAN in class C
WAN in class C ...
i have nat some ports but users in WAN can't access to "wan ip's:port"
you must uncheck this :
Block private networks
When set, this option blocks traffic from IP addresses that are reserved for private
networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
(127/8). You should generally leave this option turned on, unless your WAN network
lies in such a private address space, too.
Thank Everyone , solve it , like dotdash said it all automatically nat only me do some careless mistake.
shreckbull thank for the info