I can't block LAN to LAN traffic on pfSense 2.1



  • Hi

    I appreciate it if anyone can help me with this, please…

    I'm working with pfSense 2.1.3-RELEASE (amd64).

    From my interface: "LAN" - 172.50.0.0 / 255.255.0.0

    pfSense interface: 172.50.50.1
    Server A - 172.50.50.2
    Server B - 172.50.50.3

    I am trying to block SSH connection from "Server A" to "Server B"

    I created this rule, but it does not work:

    ID:          (none)
    Proto:       IPv4 TCP
    Source:      172.50.50.2
    Port:        *
    Destination: 172.50.50.3
    Port:        22 (SSH)
    Gateway:     *
    Queue:       none
    Schedule:    (none)
    Description: Blocking SSH traffic.

    It seems that pfSense does not filter forwarded traffic; on Linux systems this works by activating "net.ipv4.ip_forward = 1".

    Thanks in advance for any suggestion or comment.



  • Your servers are in the same local LAN network, in other words part of the same broadcast domain. Traffic between hosts on the same network never reaches the router/firewall, because the hosts can talk directly to each other without having to forward the traffic to the gateway. This is completely operating system independent; it works the same on Linux/Windows/you-name-it. The "net.ipv4.ip_forward" setting on Linux does not control packet filtering; it only turns on IP forwarding between different interfaces on the system, which is of course required on a system that is used for routing traffic.

    Your only option is to use a local firewall on the server machines to control traffic between them.
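    The on-link decision the answer above describes, as an added example that is not part of this thread and not pfSense code. It uses the thread's addresses (Server A 172.50.50.2/16, Server B 172.50.50.3, gateway 172.50.50.1) and shows why the pfSense rule never sees the SSH packets: the sending host checks whether the destination is inside its own interface's subnet, and if so it delivers the frame directly instead of handing it to the gateway. It also goes one step beyond the thread by showing that moving Server B into a different subnet would make the traffic cross the firewall, where such a rule can take effect.

```python
import ipaddress

# Constructed values from the thread: LAN is 172.50.0.0/16, the pfSense box is
# 172.50.50.1, Server A is 172.50.50.2 and Server B is 172.50.50.3.
GATEWAY = "172.50.50.1"
SERVER_A_IF = "172.50.50.2/16"   # Server A's interface address and mask
SERVER_B = "172.50.50.3"


def next_hop(host_if: str, dst: str, gateway: str = GATEWAY) -> str:
    """Return the node the sending host hands the packet to.

    This is the same longest-match decision every IP stack makes: if the
    destination falls inside the subnet configured on the host's interface,
    the host ARPs for the destination and sends the frame straight to it
    (on-link); otherwise it sends the frame to the default gateway.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in iface.network:
        return dst        # on-link: the firewall never sees this packet
    return gateway        # off-link: the packet is routed through the gateway


def traverses_gateway(host_if: str, dst: str, gateway: str = GATEWAY) -> bool:
    """True only when the gateway (and therefore its packet filter) is in the path."""
    return next_hop(host_if, dst, gateway) == gateway


if __name__ == "__main__":
    # Thread scenario: A -> B on the same /16 bypasses pfSense entirely.
    print("A -> B next hop:", next_hop(SERVER_A_IF, SERVER_B))
    print("A -> B passes through pfSense:", traverses_gateway(SERVER_A_IF, SERVER_B))
    # Hypothetical redesign (not from the thread): B moved to 172.51.0.3 while
    # A keeps its /16, so the two are in different subnets and the gateway
    # is on the path.
    print("A -> 172.51.0.3 passes through pfSense:",
          traverses_gateway(SERVER_A_IF, "172.51.0.3"))
```

    Because the filter only sees what reaches it, the fix is either a host firewall on Server B (as the reply says) or a network design where A and B sit in different subnets or VLANs with pfSense routing between them.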



  • Thanks for the reply.

