How to block webgui from wifi client?
-
Setup
modem–router (192.168.1.1) --pfsense (wan=192.168.1.10 lan=192.168.3.1) --opt1(192.168.4.1) --wifi client(192.168.4.10)
Rules
wan accept any
lan accept any
opt1 block dest 192.168.0.0/24
opt1 accept anyI want to access webgui from 192.168.1.0/24. With this setup my wifi client is able to access 192.168.1.0/24. How do I limit access to allow only internet traffic?
-
opt1 block dest 192.168.0.0/24
With this setup my wifi client is able to access 192.168.1.0/24
So block the correct subnet!
Add a allow rule on OPT1:
ID Proto Source Port Destination Port Gateway Queue Schedule Description * * * !192.168.1.0/24 * * noneAnd it will be done.
-
Thank you for your help. There is a typo my block rule is 192.168.0.0/16. Sorry for the confusion.
I did add the block rule 192.168.1.0/24 as you suggested and again it did not produce the expected result.
What I left out in the details is that I have Squid proxy on OPT1 and it turns out that is the source of the problem. Strange thing is webgui via lan port is blocked for wifi clients as expected. Any ideas?
-
I have to be sorry also. In my rule there is also an typo.
The rule I suggested should allow all traffic on OPT1 except with destination to your LAN net. So you have to use your LAN net there, 192.168.3.0/24 instead 192.168.1.0/24.
Note: Enter LAN net at destination and check "not" above to invert this.