Blocking LAN to WAN necessary?
-
In a pentesting article that I read, someone had recommended that I make a LAN rule like this:

Block any LAN net to any WAN net

Since I am using VirtualBox with pfSense to protect my Windows installation, how true is that? I've always wondered about the IP of the VirtualBox itself. Let's see, pfSense DHCPs an IP from my external router, then it has to pass through on the WAN side of my pfSense virtual machine installation, and then I have another IP address with which I go out from the LAN to the internet. Doesn't pfSense already block from private networks and such, or in my configuration is that incorrect since I have to DHCP an IP from a private network?
With 3 IP addresses involved, you could see how I might be concerned. The one that bothers me the most is the standard VirtualBox IP address of 192.168.56.1, which I will change eventually. The other two addresses come from the pfSense 10.0.0.0/8 and external router 172.0.0.0/12 subnets.
I thought about it a little bit more and I suppose that the VirtualBox IP address is hidden from external view.

Modified recently because I didn't want to revive an old thread by creating a new reply.
There is actually nothing to worry about because it doesn't even get an IP from pfSense and the DNS servers are both blank. Plus there is no gateway. So I'm pretty sure that the VirtualBox adapter is harmless with the way it's set, and it still allows me to RDP to the console.