Deny lan to lan access



  • Hi everybody!

    I have a few problems with firewalling.

    I'd like to:

    • deny access LAN1 to LAN2
    • deny access LAN2 to LAN1
    • allow access LAN1 and LAN2 to WAN

    Here is the hardware configuration:

    Internet  -------  Modem (WAN)  -------  pfSense  ------- LAN1
                                                                      |
                                                                      |
                                                                      |
                                                                    LAN2

    Firewall rules are:

    LAN1 interface

    • Proto IPV4, Allow, Source LAN1, Port Any, Destination NOT LAN2 net
    • Proto IPV4, Deny, Source Any, Port Any, Destination Any

    LAN2 interface

    • Proto IPV4, Allow, Source LAN2, Port Any, Destination NOT LAN1 net
    • Proto IPV4, Deny, Source Any, Port Any, Destination Any

    WAN interface

    • Proto IPV4, Deny, Source Any, Port Any, Destination Any

    With those rules, I can access from any lan to any lan.

    Does anybody know where my mistake is?

    Thanks for your help ;)

    Damien



  • Try:

    LAN1 interface

    • Proto IPV4, Allow, Source LAN1, Port Any, Destination NOT LAN2 net
      - Proto IPV4, Deny, Source Any, Port Any, Destination Any

    LAN2 interface

    • Proto IPV4, Allow, Source LAN2, Port Any, Destination NOT LAN1 net
      - Proto IPV4, Deny, Source Any, Port Any, Destination Any

    WAN interface

    • Proto IPV4, Allow Deny, Source Any, Port Any, Destination Any


  • Post a screenshot of your real rules.

    Don't change your WAN rule!



  • Thanks for your help ;)

    I have done what you wrote and it works as I want!

    Thanks again!!!  ;D ;D



  • Flyer,
    With the LANs working as you want, you should remove the WAN rule to only allow in what is initiated by LAN clients, then add NAT rules, as needed, to allow specific WAN access to LAN clients.

    Enjoy…
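
One way to check a rule list like the ones in this thread against the stated goals before applying it (an added example, not posted by anyone in the thread). It assumes a simplified model in which rules are evaluated top-down on the interface where the packet enters, the first match wins and unmatched traffic is blocked; state tracking and NAT are not modelled, and the subnets and host addresses are constructed because the thread gives none.

```python
import ipaddress

# Constructed addressing: the thread does not state the LAN subnets.
NETS = {"LAN1": ipaddress.ip_network("192.168.1.0/24"),
        "LAN2": ipaddress.ip_network("192.168.2.0/24")}

def matches(spec, addr):
    """spec is 'any', a network name ('LAN1') or a negated one ('!LAN2')."""
    if spec == "any":
        return True
    inside = ipaddress.ip_address(addr) in NETS[spec.lstrip("!")]
    return inside != spec.startswith("!")

def evaluate(rules, iface, src, dst):
    """First matching rule on the ingress interface decides; default is block."""
    for action, rule_src, rule_dst in rules.get(iface, []):
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action
    return "block"

# Rules as listed in the first post: (action, source, destination).
POSTED = {
    "LAN1": [("pass", "LAN1", "!LAN2"), ("block", "any", "any")],
    "LAN2": [("pass", "LAN2", "!LAN1"), ("block", "any", "any")],
    "WAN":  [("block", "any", "any")],
}
# Same LAN rules, but with the WAN rule switched to allow any/any.
WAN_OPEN = dict(POSTED, WAN=[("pass", "any", "any")])

# Policy from the thread: LANs isolated from each other, both may reach
# the WAN, nothing unsolicited comes in from the WAN.
CHECKS = [  # (ingress interface, source, destination, expected result)
    ("LAN1", "192.168.1.10", "192.168.2.10", "block"),
    ("LAN2", "192.168.2.10", "192.168.1.10", "block"),
    ("LAN1", "192.168.1.10", "203.0.113.5", "pass"),
    ("LAN2", "192.168.2.10", "203.0.113.5", "pass"),
    ("WAN",  "203.0.113.5", "192.168.1.10", "block"),
]

def audit(rules):
    """Return the checks where the ruleset deviates from the policy."""
    return [(i, s, d) for i, s, d, want in CHECKS
            if evaluate(rules, i, s, d) != want]

if __name__ == "__main__":
    for name, ruleset in (("as posted", POSTED), ("WAN allow any", WAN_OPEN)):
        print(f"{name}: violations = {audit(ruleset)}")
```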

