Block rules not applied - Segregate LAN/WAN
I am trying to segregate GUEST_LAN_VIP from being able to ping LAN_VIP but currently my block rules aren't working and it can ping 192.168.2.x from 172.16.1.x
I also need it to route the traffic via WAN2, currently it's routing via WAN int1.
1 server 2012 with dhcp
WAN int1 x.x.x.x going to pfsense
WAN2 int2 x.x.x.x going to pfsense
LAN int2 192.168.2.2 going from pfsense to core switch
GUEST_LAN int3 172.16.1.2 going from pfsense seperate switch
(no WAN VIP)
WAN (Automatic any to any)
WAN2 (Manual NAT)
WAN int1 rules
block * RFC 1918 networks * * * * * Block private networks
block * Reserved/not assigned by IANA * * * * * * Block bogon networks
IPv4 UDP x.x.x.x * 22.214.171.124 53 (DNS) * none Easy Rule: Passed from Firewall Log View
WAN2 int1 rules (Created a block all to test, this is not being applied as can still access internet/LAN)
block IPv4 * * * * * * none
IPv4 * GUEST_WIRELESS net * not 192.168.2.0/172.16.1.0 * WAN2 none
LAN int2 rules
IPv4 * * * * * * none Any
IPv4 * LAN_NET * not 192.168.0.0 * WAN none Default allow LAN to any rule
GUEST_LAN int3 rules
- Reserved/not assigned by IANA * * * * * * Block bogon networks
Dude, post screenshots. Not this broken ASCII art.
Yeah some simple screenshots would make this much easier to read.
If you don't want guest_lan to ping lan – then rules would go on guest_lan.. From what you posted doesn't look like you have any rules on guest_lan for anything. So it wouldn't be able to do anything at all.