Netgate Discussion Forum

    Can't isolate wireless and wired networks

      bluepickles

      Is anyone here familiar with pfSense configuration?

      I am trying to isolate a wired personal computer from a wireless router (for laptops, phones etc.) with a PC router using three Intel network adapter cards, installed with pfSense.

      I have assigned three interfaces. WAN, LAN and OPT1.

      WAN  network adapter assigned em0.
      LAN  network adapter assigned em1. (static IPv4 192.168.1.1)
      OPT1 network adapter assigned em2. (I have given static IPv4 192.168.3.1)

      When I try to access the GUI, I can use either 192.168.1.1 or 192.168.3.1.
      Also, when running Nmap at the command line on either network, I see both 192.168.1.1 and 192.168.3.1.

      What rules need to be passed so I can isolate both networks?
      Should I be using a VLAN configuration?

      Any help would be appreciated

        MikeV7896

        You need to create firewall rules for your LAN and OPT1 interfaces that block traffic going to the other networks.

        For example, on the LAN side, you should block traffic to Destination OPT1 network. On the OPT1 side, you should block traffic to Destination LAN network. The protocol should be Any, and you may need to create two rules per interface if you use IPv6 (one for IPv4 traffic, one for IPv6 traffic). I don't remember if you can pick IPv4+IPv6 and Any or not.

        Make sure these rules go before your "Allow all" rules in the list.

        The S in IOT stands for Security
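
The rule ordering described in the answer above, modelled as an added example (not part of the original posts and not pfSense code): interface rules are evaluated top down and the first match wins, so a block rule placed below "Allow all" never fires. The /24 masks, the rule tuples and the function names are assumptions for illustration; the model is IPv4 only and ignores source and protocol.

```python
import ipaddress

# Assumed /24 masks: the thread gives only the interface addresses.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "OPT1 net": ipaddress.ip_network("192.168.3.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

def evaluate(rules, dst):
    """Return (action, rule index) for the first rule whose destination matches."""
    addr = ipaddress.ip_address(dst)
    for i, (action, dest) in enumerate(rules):
        if addr in NETS[dest]:
            return action, i
    return "block", None  # unmatched traffic is blocked by default

def shadowed_blocks(rules):
    """Indexes of block rules fully covered by an earlier pass rule (they never match)."""
    shadowed = []
    for i, (action, dest) in enumerate(rules):
        if action != "block":
            continue
        if any(a == "pass" and NETS[dest].subnet_of(NETS[d]) for a, d in rules[:i]):
            shadowed.append(i)
    return shadowed

# Constructed rule lists for the LAN interface tab, listed top to bottom.
LAN_WRONG = [("pass", "any"), ("block", "OPT1 net")]   # block sits under "Allow all"
LAN_RIGHT = [("block", "OPT1 net"), ("pass", "any")]   # block sits above "Allow all"

if __name__ == "__main__":
    # 192.168.3.1 is the OPT1 interface address; it lies inside "OPT1 net",
    # so the same block rule also covers the GUI on that address.
    for name, rules in (("wrong order", LAN_WRONG), ("right order", LAN_RIGHT)):
        print(name, "-> 192.168.3.1:", evaluate(rules, "192.168.3.1"),
              "| shadowed block rules:", shadowed_blocks(rules))
    # Traffic to other destinations (documentation address) still passes.
    print("right order -> 203.0.113.10:", evaluate(LAN_RIGHT, "203.0.113.10"))
```

The mirror-image list (block to "LAN net" above the pass rule) applies on the OPT1 tab.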

          bluepickles

          So I go into Firewall/Rules/Edit

          Do I change Source and Destination Settings?

            bluepickles

            OK that worked. Thank you!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.