DHCP gateway from server not from interface
-
Actually on pfSense v2.2.2.
My problem:
I have LAN DHCP managed by pfSense. On my LAN network I manage some computers that should not access the internet. I set that computer up with a static IP and did not set a gateway, but that computer still gets internet. What to do?
-
Well, if you're setting static on a LAN PC, you need to give it a gateway (normally this would be the pfSense IP on that network segment, i.e. LAN).
Yeah, without that you're not going anywhere other than other IPs on that segment.
This is normally handled via DHCP, but if doing static:
Let's say your pfSense LAN IP is 192.168.1.1/24
So your PC you might make 192.168.1.19/24
gateway 192.168.1.1
dns 192.168.1.1
And you should be good to go.
-
Yes, thanks for the answer.
But I don't want internet for that computer.
In my pfSense DHCP on LAN I have computers that must access the internet, but for the other computer I don't want internet, just the LAN network. I changed the default gateway for that computer in pfSense; not working. I put a static IP in Windows without a gateway, but that computer gets internet. Is it a bug or something I forgot to do?
-
If you don't have a gateway set on the PC then it's NOT possible for them to get to the internet, unless they are using a proxy that is on their local LAN and that is what is giving them internet. For example, if you point to pfSense as proxy and you're running a proxy on pfSense, then you could get internet that way.
-
Thanks.
Yes, I'm using the Squid proxy, and those computers are joined to a Windows domain which automatically generates a script for those computers via GPO with the proxy address in the browser.
So if I disable the proxy address in the browser and don't set the gateway with the static IP, all will be OK?
-
If no proxy and no gateway then there is no way for them to get off their segment, so no internet.
-
Couldn't the internet be blocked through the firewall for that IP 192.168.1.19/24?
-
Not if using a proxy, no. The proxy is the one going to the internet, not 192.168.1.19.
Normally if you have a proxy you control internet access at the proxy with user auth, etc. Not by removing the gateway. And your firewall rules would only allow the proxy to go out anyway, etc.
-
Ooo gotcha, thanks for clearing that up. So proxy is first, then firewall for LAN.
-
Thanks, everybody.
I resolved my situation with Schedules for all clients that I don't want accessing the internet.
The proxy server is enabled for all clients, and the default gateway also. Just make a reject rule in the firewall with an alias of the specified clients and enable a Schedule for all the week for those clients, and all is working perfectly.
Thank you for the help.
-
So you denied them access at the proxy, and then rules at the firewall to block any non-proxy traffic that might go out.
Normally in a workplace all direct traffic would be blocked from all clients, and only exceptions would be made for non-proxy-aware applications or things that don't work with the proxy. The proxy is where your content filtering would be done. If you allow clients to not use the proxy and go directly out to the internet, then it is very simple for them to bypass your content filtering and surf p0rn, for example.
-
Just make a reject rule in the firewall with an alias of the specified clients and enable a Schedule for all the week for those clients, and all is working perfectly.
I don't get what this "schedule" is good for. Just set up a permanent block rule for those. Why are you scheduling something for 24/7?
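
The advice given in the thread (control internet access at the proxy rather than by removing the gateway) expressed as a Squid ACL fragment. This is an added example, not configuration posted by anyone in the thread; the ACL names `lan_only` and `localnet` are made up, and 192.168.1.19 and 192.168.1.0/24 are the illustrative addresses from the earlier reply.

```conf
# squid.conf fragment (constructed example, not taken from the thread)

# Clients that must stay LAN-only. 192.168.1.19 is the sample static PC
# from the reply above; list further addresses on the same line.
acl lan_only src 192.168.1.19/32

# The LAN segment the proxy serves (sample /24 from the reply above).
acl localnet src 192.168.1.0/24

# Squid applies the FIRST http_access line that matches a request.
#
# Weak ordering: the PC is inside localnet, so the allow matches first
# and the deny is never reached. The PC keeps browsing through the proxy
# even with no gateway configured.
#   http_access allow localnet
#   http_access deny  lan_only
#
# Corrected ordering: deny the LAN-only clients before the general allow.
http_access deny  lan_only
http_access allow localnet
http_access deny  all
```

With this in place the listed clients are refused by the proxy itself, and a LAN firewall rule that blocks direct outbound traffic from clients covers anything that does not go through the proxy.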