Deny lan to lan access
-
Hi everybody !
I have a few problems with firewalling.
I'd like to :
- deny access LAN1 to LAN2
- deny access LAN2 to LAN1
- allow access LAN1 and LAN2 to WAN
Here is the hardware configuration :
Internet ------ Modem (WAN) ------- pfSense ------- LAN1
                                       |
                                       |
                                       |
                                     LAN2
Firewall rules are :
LAN1 interface
- Proto IPV4, Allow, Source LAN1, Port Any, Destination NOT LAN2 net
- Proto IPV4, Deny, Source Any, Port Any, Destination Any
LAN2 interface
- Proto IPV4, Allow, Source LAN2, Port Any, Destination NOT LAN1 net
- Proto IPV4, Deny, Source Any, Port Any, Destination Any
WAN interface
- Proto IPV4, Deny, Source Any, Port Any, Destination Any
With those rules, I can access from any lan to any lan.
Does anybody know where my mistake is ?
Thanks for your help ;)
Damien
-
Try;
LAN1 interface
- Proto IPV4, Allow, Source LAN1, Port Any, Destination NOT LAN2 net
- Proto IPV4, Deny, Source Any, Port Any, Destination Any
LAN2 interface
- Proto IPV4, Allow, Source LAN2, Port Any, Destination NOT LAN1 net
- Proto IPV4, Deny, Source Any, Port Any, Destination Any
WAN interface
- Proto IPV4, Allow
Deny, Source Any, Port Any, Destination Any
- Proto IPV4, Allow, Source LAN1, Port Any, Destination NOT LAN2 net
-
Post a screenshot of your real rules.
Don't change your WAN rule!
-
Thanks for your help ;)
I have done what you wrote and it works as I want !
Thanks again !!! ;D ;D
-
Flyer,
With the LANs working as you want, you should remove the WAN rule to only allow in what is initiated by LAN clients, then add NAT rules, as needed, to allow specific WAN access to LAN clients. Enjoy…
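An added example (not from any poster in this thread, and not pfSense code): a small Python model of how the rule sets discussed above are evaluated, assuming per-interface rules checked top to bottom on arrival with first match winning, a default deny, and replies to already-passed connections allowed by state. The subnets and addresses are constructed, NAT is ignored, and the `Firewall` class and `rule` helper are hypothetical names.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, src=ANY, dst=ANY, invert_dst=False):
    return {"action": action, "src": src, "dst": dst, "invert_dst": invert_dst}

# Rule sets as posted in the thread, top to bottom.
RULES = {
    "LAN1": [rule("pass", src=LAN1, dst=LAN2, invert_dst=True), rule("block")],
    "LAN2": [rule("pass", src=LAN2, dst=LAN1, invert_dst=True), rule("block")],
    "WAN": [rule("block")],
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, dst) pairs of connections already passed

    def arrive(self, iface, src, dst):
        """Decide a packet arriving on iface; returns 'pass' or 'block'."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Replies to a tracked connection pass without consulting the rules.
        if (d, s) in self.states:
            return "pass"
        for r in self.rules.get(iface, []):
            dst_hit = (d in r["dst"]) != r["invert_dst"]  # "NOT" flips the match
            if s in r["src"] and dst_hit:  # first match wins
                if r["action"] == "pass":
                    self.states.add((s, d))
                return r["action"]
        return "block"  # nothing matched: default deny

def demo():
    fw = Firewall(RULES)
    out = {
        "lan1_to_lan2": fw.arrive("LAN1", "192.168.1.10", "192.168.2.20"),
        "lan2_to_lan1": fw.arrive("LAN2", "192.168.2.20", "192.168.1.10"),
        "lan1_to_wan": fw.arrive("LAN1", "192.168.1.10", "203.0.113.5"),
        "reply_from_wan": fw.arrive("WAN", "203.0.113.5", "192.168.1.10"),
        "unsolicited_wan": fw.arrive("WAN", "203.0.113.9", "192.168.1.10"),
    }
    # The same unsolicited packet if the WAN rule were changed to allow any.
    open_wan = Firewall({**RULES, "WAN": [rule("pass")]})
    out["unsolicited_open_wan"] = open_wan.arrive("WAN", "203.0.113.9", "192.168.1.10")
    return out
```

In this model the reply from the WAN side passes even though the WAN interface only has a block rule, because the connection was initiated from LAN1 and is tracked by state; only the variant with an allow-any WAN rule lets the unsolicited packet in.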