Captive portal interface can access LAN side
I really am new to this firewall problem. I searched Google and the forum, but I can't help myself out of this problem.
The captive portal and other functions work well; my problem is that users from the CP side can access all of my LAN side after they have successfully authenticated. They can access resources on the LAN. I tried to block, but I don't know what I'm doing. Please show me the answer.
Here is my configuration:
WAN : 192.168.1.3 DHCP (address reservation)
LAN : https://192.168.1.4:7777 (same network with wan)
Firewall rules: I left the defaults on WAN and LAN. I set the CP firewall rule like this: PASS > any > any > any > SAVE. (If I don't add the pass rule, CP users can't access the internet.)
*** This is terrible, I can't find the right answer. Help me please.
Your problem is that WAN and LAN use the same address range. Take a different IP address range for the LAN and then you can block CP traffic trying to get into that range.
I'm sorry, that can't help.
I changed my LAN IP to a different network > 192.168.2.4.
The CP side can still access the pfSense WAN > 192.168.1.3 and the LAN.
I think I have to change some firewall rules. How do I make a firewall rule that allows access to the internet but not to other networks from the CP side?
Sorry for my English.
What about putting one more firewall rule on the CP interface:
DENY > any > 192.168.1.0/24 > any > SAVE
Edit: put the rule before the "allow any any" one.
And push that new rule to the top of the list, so it gets precedence over any "allow all" rules.
No need to apologize for your English.
Edit: okay…seems that lsense was a bit faster with the edit ;)
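
The rule-order point made in the replies above, as an added example that is not part of the original thread: pfSense evaluates an interface's rules top-down and the first match wins, which this small evaluator models for the CP interface. The /24 prefix for the new LAN network, the rule-set names and the sample destinations are assumptions constructed for illustration.

```python
import ipaddress

# Constructed rule sets for the captive-portal (CP) interface.
# Each rule is (action, destination network); source and protocol are "any",
# as in the rules quoted in the thread.
ANY = ipaddress.ip_network("0.0.0.0/0")
WAN_NET = ipaddress.ip_network("192.168.1.0/24")  # range named in the thread
LAN_NET = ipaddress.ip_network("192.168.2.0/24")  # assumed /24 around 192.168.2.4

PASS_ONLY = [("pass", ANY)]                                         # original setup
BLOCK_AFTER_PASS = [("pass", ANY), ("block", WAN_NET), ("block", LAN_NET)]
BLOCK_BEFORE_PASS = [("block", WAN_NET), ("block", LAN_NET), ("pass", ANY)]
# Once the LAN has moved to 192.168.2.x, blocking only 192.168.1.0/24
# no longer covers it.
BLOCK_WAN_ONLY = [("block", WAN_NET), ("pass", ANY)]


def evaluate(rules, dst):
    """Return the action of the first rule whose destination contains dst.

    Traffic that matches no rule hits the implicit default deny.
    """
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "block"


def reachable(rules, destinations):
    """Map each destination to True if the rule set passes traffic to it."""
    return {dst: evaluate(rules, dst) == "pass" for dst in destinations}


# Constructed sample destinations: WAN-side address, LAN-side address,
# and a documentation-range address standing in for an internet host.
SAMPLES = ["192.168.1.3", "192.168.2.4", "203.0.113.10"]

if __name__ == "__main__":
    for name, rules in [("pass only", PASS_ONLY),
                        ("block after pass", BLOCK_AFTER_PASS),
                        ("block before pass", BLOCK_BEFORE_PASS),
                        ("block WAN net only", BLOCK_WAN_ONLY)]:
        print(f"{name:20s} {reachable(rules, SAMPLES)}")
```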