Netgate Discussion Forum

    To block or not block private networks and about gateways

    • Cmellons

      You know the option on the WAN connection for blocking private networks?

      I'm running pfSense virtually with VirtualBox and my physical router is what it's getting the gateway from. So to me it would make sense to uncheck that, but also hovering in my mind is, could this allow something through that gateway that is undesirable? I am still able to get internet either way. Just curious.

      • phil.davis

        If there are no other rules on WAN then it makes no difference - the default unseen "block all" rule stops incoming connection attempts anyway.
        From the LAN side, you can access things in that in-between WAN subnet because the state is initiated from the LAN side, so whatever WAN rules you have or do not have makes no difference.
        It is only if you want some device to access from the in-between WAN subnet to pfSense (e.g. for diagnostic purposes) that you have to uncheck "block private networks" and then add rule/s to allow access.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
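
The three cases in the reply above can be checked with a small model of how a packet arriving on WAN is decided. This is an added example, not part of the original posts and not pfSense's own code; the class and function names, the addresses, and the reduction of "block private networks" to the RFC 1918 ranges (with NAT ignored) are assumptions made for illustration.

```python
import ipaddress

# Assumption: "block private networks" is modelled as the RFC 1918 ranges only.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class WanModel:
    """Simplified model of a WAN interface: states, then rules, then default block."""

    def __init__(self, block_private, wan_pass_sources=()):
        self.block_private = block_private
        # User-added WAN pass rules, reduced to "pass from this source network".
        self.wan_pass = [ipaddress.ip_network(n) for n in wan_pass_sources]
        self.states = set()  # (lan_host, remote) pairs opened from the LAN side

    def lan_out(self, lan_host, remote):
        """A LAN-initiated connection is passed on LAN and creates a state."""
        self.states.add((lan_host, remote))
        return "pass"

    def wan_in(self, src, dst):
        """Decide a packet arriving on WAN from src to dst (NAT is ignored here)."""
        if (dst, src) in self.states:
            return "pass (existing state)"      # reply to LAN-initiated traffic
        addr = ipaddress.ip_address(src)
        if self.block_private and any(addr in net for net in PRIVATE):
            return "block (private networks)"   # evaluated before user rules
        if any(addr in net for net in self.wan_pass):
            return "pass (WAN rule)"
        return "block (default)"                # the unseen "block all" rule


def demo():
    """Constructed addresses: 192.168.1.0/24 is the in-between WAN subnet."""
    results = {}
    for checked in (True, False):
        fw = WanModel(block_private=checked)                 # no WAN rules at all
        results["no_rules", checked] = fw.wan_in("192.168.1.20", "192.168.1.50")
        fw.lan_out("10.0.0.10", "192.168.1.1")               # LAN host opens a connection
        results["reply", checked] = fw.wan_in("192.168.1.1", "10.0.0.10")
        fw = WanModel(checked, wan_pass_sources=["192.168.1.0/24"])
        results["with_rule", checked] = fw.wan_in("192.168.1.20", "192.168.1.50")
    return results


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, "->", verdict)
```

Only the last case changes with the checkbox: the pass rule for the in-between subnet takes effect once "block private networks" is unchecked.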

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.