Block rules not applied - Segregate LAN/WAN
-
Hi,
I am trying to segregate GUEST_LAN_VIP from being able to ping LAN_VIP but currently my block rules aren't working and it can ping 192.168.2.x from 172.16.1.x
I also need it to route the traffic via WAN2, currently it's routing via WAN int1.
Simplified Setup:
1 server 2012 with dhcp
1 pfsense
2 LAN
2 WAN
WAN int1 x.x.x.x going to pfsense
WAN2 int2 x.x.x.x going to pfsense
LAN int2 192.168.2.2 going from pfsense to core switch
GUEST_LAN int3 172.16.1.2 going from pfsense to separate switch
LAN_VIP 192.168.2.1
GUEST_LAN_VIP 172.16.1.1
WAN2_VIP X.X.X.X
(no WAN VIP)
Outbound NAT
WAN (Automatic any to any)
127.0.0.0/8
192.168.2.0/24
172.16.1.0/24
WAN2 (Manual NAT)
172.16.1.0/24
WAN int1 rules
block * RFC 1918 networks * * * * * Block private networks
block * Reserved/not assigned by IANA * * * * * * Block bogon networks
IPv4 UDP x.x.x.x * 8.8.8.8 53 (DNS) * none Easy Rule: Passed from Firewall Log View
WAN2 int1 rules (Created a block all to test, this is not being applied as can still access internet/LAN)
block IPv4 * * * * * * none
IPv4 * GUEST_WIRELESS net * not 192.168.2.0/172.16.1.0 * WAN2 none
LAN int2 rules
IPv4 * * * * * * none Any
IPv4 * LAN_NET * not 192.168.0.0 * WAN none Default allow LAN to any rule
GUEST_LAN int3 rules
- Reserved/not assigned by IANA * * * * * * Block bogon networks
-
Dude, post screenshots. Not this broken ASCII art.
-
Yeah some simple screenshots would make this much easier to read.
If you don't want guest_lan to ping lan – then rules would go on guest_lan.. From what you posted it doesn't look like you have any rules on guest_lan for anything. So it wouldn't be able to do anything at all.
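To illustrate the point in the reply above, here is an added example that is not from the thread and not pfSense code: a small model of how pfSense filters traffic, which is per interface, on the interface the traffic enters, first matching rule wins, with an implicit deny if nothing matches. The interface names and subnets are taken from the original post; the block-all on WAN2, the pass-any on LAN, the empty GUEST_LAN tab, the host addresses and the gateway name `WAN2_GW` are constructed for the example.

```python
"""Model of per-interface, first-match firewall evaluation (pfSense style).

Constructed example: the rulesets below mirror the thread's setup and the
suggested fix. Interface names, subnets, hosts and the gateway name WAN2_GW
are assumptions for illustration, not configuration from the original post.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    """One rule on an interface tab, in the order it appears on that tab."""
    action: str                     # "pass" or "block"
    src: str                        # CIDR or "any"
    dst: str                        # CIDR or "any"
    negate_dst: bool = False        # the "not" / invert-match checkbox on the destination
    gateway: Optional[str] = None   # policy-routing gateway on a pass rule; None = default route
    descr: str = ""


def _matches(selector: str, ip: str) -> bool:
    """True if the address is covered by the selector ("any" or a CIDR)."""
    return selector == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(selector, strict=False)


def ingress_interface(src_ip: str, interfaces: Dict[str, str]) -> str:
    """Rules are applied on the interface traffic ENTERS, so pick the interface
    whose subnet contains the source. Anything else is treated as arriving on WAN."""
    for name, subnet in interfaces.items():
        if ipaddress.ip_address(src_ip) in ipaddress.ip_network(subnet):
            return name
    return "WAN"


def evaluate(rulesets: Dict[str, List[Rule]], interfaces: Dict[str, str],
             src_ip: str, dst_ip: str) -> Tuple[str, str, Optional[str], str]:
    """Return (ingress interface, verdict, gateway, matched rule description).
    Only the ingress interface's tab is consulted; the first match decides."""
    iface = ingress_interface(src_ip, interfaces)
    for rule in rulesets.get(iface, []):
        dst_hit = _matches(rule.dst, dst_ip)
        if rule.negate_dst:
            dst_hit = not dst_hit
        if _matches(rule.src, src_ip) and dst_hit:
            return iface, rule.action, rule.gateway, rule.descr
    return iface, "block", None, "implicit default deny"


# Subnets from the post; everything below them is constructed.
INTERFACES = {"LAN": "192.168.2.0/24", "GUEST_LAN": "172.16.1.0/24"}

# Roughly as posted: block-all on WAN2, pass-any on LAN, nothing on GUEST_LAN.
# The WAN2 rule never sees guest traffic because that traffic enters on GUEST_LAN.
AS_POSTED = {
    "WAN2": [Rule("block", "any", "any", descr="block all on WAN2")],
    "LAN": [Rule("pass", "any", "any", descr="Any")],
    "GUEST_LAN": [],
}

# The fix: rules on the GUEST_LAN tab, block above pass, and the pass rule
# policy-routed to the WAN2 gateway (WAN2_GW is a hypothetical gateway name).
SEGREGATED = {
    "LAN": [Rule("pass", "any", "any", descr="Any")],
    "GUEST_LAN": [
        Rule("block", "172.16.1.0/24", "192.168.2.0/24", descr="Guest to LAN blocked"),
        Rule("pass", "172.16.1.0/24", "any", gateway="WAN2_GW", descr="Guest to internet via WAN2"),
    ],
}

# Same two rules in the wrong order: the pass matches first and the block is dead.
WRONG_ORDER = {
    "LAN": SEGREGATED["LAN"],
    "GUEST_LAN": list(reversed(SEGREGATED["GUEST_LAN"])),
}


if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("segregated", SEGREGATED), ("wrong order", WRONG_ORDER)):
        print(label, "guest->LAN  :", evaluate(rules, INTERFACES, "172.16.1.50", "192.168.2.10"))
        print(label, "guest->8.8.8.8:", evaluate(rules, INTERFACES, "172.16.1.50", "8.8.8.8"))
```

Two things the model makes visible: a block rule on the WAN2 tab cannot affect guest-to-LAN traffic, because that traffic is only ever evaluated against the GUEST_LAN tab; and within a tab, a block must sit above the broader pass or it never matches. The gateway on the pass rule is where the "route guests via WAN2" requirement lives, for the same reason. The reverse direction (LAN hosts reaching the guest subnet) is evaluated on the LAN tab and is unaffected by any of this.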