Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Prevent 1 computer on the network from communicating with the rest of the LAN?

    General pfSense Questions
    4
    4
    732
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elementalwindx last edited by

      What is the best way to achieve this?

      I have 1 computer on the LAN I want nobody else to be able to communicate with.

      I've created a rule in the firewall on the LAN such as this: IPv4 * 192.168.99.3 * * * * none

      and I even went in and reset the states but that doesn't seem to stop it from being able to browse smb shares on the network. It does stop it from going to websites though.

      The only thing this machine needs is access so that people internally and externally can RDP into it and that is it.

      Edit

      I imagine since it's inside the LAN itself, the firewall isn't able to block communication say between 192.168.99.3 and 192.168.99.10? If thats true then what would be a good idea? I guess VLANing that port? :/

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        That has to be handled in your switch, as you surmise. Your router isn't involved in same-subnet traffic.

        Else yes you need to put the host you ant to restrict on another interface/subnet and pass only what you want it to have access to.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Yup if you need to isolate client A from client B you need to put them on different vlans/network segments and then pfsense can firewall/route that traffic for you.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Or get a switch with port isolation (even the cheap TP-Link gig switches have it). Then they can only talk to the gateway and never to each other (on ports where you have that set).

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post