Netgate Discussion Forum

    Block clients to access internet without vpn

    • sp00ky

      Hi,

      I'm trying to prevent some clients from accessing the internet without using the VPN connection that I have set up. (I want to route all traffic for some clients through the VPN.)
      The VPN-connection is working but it seems that when it fails the clients still can access the internet.
      Could someone please have a look?

      See attachments for my rules in the firewall.

      2015-02-24_15-44-03.png
      2015-02-24_15-44-30.png
      2015-02-24_15-44-39.png
      2015-02-24_15-44-47.png

      • johnpoz LAYER 8 Global Moderator

        Do you have any rules in your floating tab? So you're saying one of the IPs 1.21 or 1.22 is going outbound to the internet? Even when the VPN is down? What do you have set up on the rules that is flagging them with the 'a'?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 26.03 | Lab VMs 2.8.1, 26.03

        • sp00ky

          @johnpoz:

          Do you have any rules in your floating tab? So you're saying one of the IPs 1.21 or 1.22 is going outbound to the internet? Even when the VPN is down? What do you have set up on the rules that is flagging them with the 'a'?

          No floating rules at all. Yes, and inbound. Hmm, maybe that's it; I should block traffic from WAN to 1.21 and 1.21 in the WAN tab.

          Those with an 'a' have a special gateway.

          • Derelict LAYER 8 Netgate

            https://forum.pfsense.org/index.php?topic=76015.msg494089#msg494089

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • sp00ky

              @Derelict:

              https://forum.pfsense.org/index.php?topic=76015.msg494089#msg494089

              I'll give that a try tonight, thx!
