Netgate Discussion Forum

    Blocking Access To Certain IP Addresses

    15 Posts 2 Posters 2.3k Views
      arthuraires

      Good afternoon, pfSense forum!
      I have a problem and would like to share it with you!
      It is the following!
      I have a router that is connected to the pfSense firewall and would like to make it a hotspot for clients to access free internet.
      I don't want anything with RADIUS, just something as simple as an open wireless network!
      So I want to set it up so that all clients connected through the router (which has a WAN IP on the firewall) cannot access certain machines of the company …
      Which are the servers!
      Is there any way for me to accomplish this block without taking away the internet?
      And another thing: could I also limit the Internet bandwidth of this router?
      How do I do it?
      Sorry for the strange English; I'm using Google Translate because no one answered in the Brazilian support.

      Sincerely

      Arthur Aires

        Derelict LAYER 8 Netgate

        How many pfSense interfaces (including VLANs) are you committing to this?  One for LAN and one for GUEST or are you just trying to put the wifi router's WAN port on your LAN?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          arthuraires

          Sorry, I'm kind of a layman and have only now implemented pfSense on my network, but here goes!
          I plugged the network cable into the router's WAN port! It gets an IP address on the network, which is 192.168.3.53, and it manages the clients and such in its own subnet.
          Then I would like to block that IP's access to the servers' IPs, to block someone malicious on the open network, you know?
          Thank you for responding so quickly! :)

            Derelict LAYER 8 Netgate

            That will have to be done in your Wi-Fi router.

              arthuraires

              Damn, but the router's default options are very vague; I would have to install third-party firmware (dd-wrt) to do this.
              But is there some other method to do it?
              I don't know, what if I created a group in aliases and blocked it there?

                Derelict LAYER 8 Netgate

                No. Traffic from the WAN port of the Wi-Fi-router to other hosts on pfSense LAN will never go through pfSense.  Same-subnet traffic does not go through the router.

                Make two interfaces on pfSense.  Put the Wi-Fi on one and LAN on another.  Then you can filter as much or as little traffic between the subnets as you like.

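
Why the two-interface layout in the post above is the one pfSense can filter, as an added example that is not part of the thread or of pfSense itself. Only 192.168.3.53 comes from the thread; the /24 mask, the server address, the guest subnet and the rule list are assumptions.

```python
# Added illustration; every address except 192.168.3.53 is constructed.
from ipaddress import ip_address, ip_interface, ip_network

def crosses_firewall(src_if: str, dst: str) -> bool:
    """A host hands a packet to its gateway only when dst is outside its own
    subnet. On-link destinations are reached directly via ARP and the switch."""
    return ip_address(dst) not in ip_interface(src_if).network

def evaluate(rules, dst: str) -> str:
    """First-match evaluation of (action, destination-network) rules, the
    order pfSense uses for rules on an interface; no match means block."""
    for action, net in rules:
        if ip_address(dst) in ip_network(net):
            return action
    return "block"

def verdict(src_if: str, dst: str, rules) -> str:
    """Fate of a packet from src_if to dst, given the rules on the firewall
    interface that src_if's subnet is attached to."""
    if not crosses_firewall(src_if, dst):
        return "delivered on-link, firewall never sees it"
    return evaluate(rules, dst)

SERVER = "192.168.3.10"    # constructed server address on the LAN
INTERNET = "203.0.113.80"  # documentation-range address standing in for the internet

# Rules for the interface facing the Wi-Fi router: block the LAN, pass the rest.
GUEST_RULES = [("block", "192.168.3.0/24"), ("pass", "0.0.0.0/0")]

# Layout from the thread: the Wi-Fi router's WAN sits in the LAN subnet (assumed /24).
SHARED = "192.168.3.53/24"
# Recommended layout: Wi-Fi router on its own pfSense interface
# (192.168.50.0/24 is an assumed guest subnet).
SEPARATE = "192.168.50.53/24"

if __name__ == "__main__":
    for label, src in (("shared LAN", SHARED), ("separate interface", SEPARATE)):
        for dst in (SERVER, INTERNET):
            print(f"{label:18} {src:17} -> {dst:13}: {verdict(src, dst, GUEST_RULES)}")
```
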
                  arthuraires

                  I think you're not understanding me right (excuse the rudeness); I think I'm expressing myself poorly.
                  I will try to show how my network is configured:

                  You see this here?

                  My router is in the "Computer Lab", which is behind the switch and is being regulated by pfSense, yet I could not block the router IP's (192.168.3.53) access to the IPs of the servers that are in the "Teacher" room?

                    Derelict LAYER 8 Netgate

                    It would have to be done in the access point or in the switch.  That traffic will never go to pfSense.

                      arthuraires

                      But the router's gateway is the pfSense!
                      So by logic all traffic on my network goes through it, right?
                      Then I wanted to filter this traffic so that if it comes addressed to the IP of the server it does not pass, understand?

                        Derelict LAYER 8 Netgate

                        No.  I guess I don't understand.  You don't seem to want to hear the correct answer based on your diagram.

                          arthuraires

                          But I think the router does not have this option!
                          Does using third-party firmware have this option? Like dd-wrt or OpenWRT?
                          And do you know the technical name for this?

                            Derelict LAYER 8 Netgate

                            No idea.  This isn't a dd-wrt forum.

                            I told you what to do.  Put it on separate interfaces on pfSense.

                              arthuraires

                              OK, no need to be 'aggressive'. :P
                              How do I configure separate interfaces and connect only my router to it?

                                Derelict LAYER 8 Netgate

                                You might want to ask that basic question in the Portuguese/Brazilian forum.

                                  arthuraires

                                  OK, thanks for the support.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.