



983 posts

Ultimate Geek

Subscriber

Topic # 94339 8-Dec-2011 12:44 Send private message

So I have gone away from IPcop and installed pfsense. Mainly I want to have a play with the captive portal function. So far been quite successful in making a 'wireless hotspot' type connection. Only problem I am having is I can't block stuff coming from my WLAN (192.168.100.0) to the LAN (192.168.1.0).

The LAN has the default 'allow' rule letting traffic go anywhere it wants from the LAN so I assumed if I just made the allow rule on WLAN let traffic in the WLAN only go to the WAN. However when I put in a rule like that it doesn't allow internet access at all. So then I thought well put in the standard allow rule for WLAN and then put in a block rule saying traffic from WLAN isn't allowed to access LAN but then I read the caption below the firewalling stuff on pfsense and it evaluates the rules on a first match basis so my next theory was no good. My last option was putting that same block rule on the LAN interface but that didn't do anything either.

Am I barking up the wrong tree trying to use the firewall rules to block between interfaces? Or is it doable? Do I need to run a squid proxy to do this?

Any help much appreciated.

232 posts

Master Geek


  Reply # 555435 8-Dec-2011 13:06 Send private message

Restart pfSense after you make those rule changes.

Although it's been a while since I've set up pfSense, it probably hasn't changed much. I'm sure that it can be done because I had a similar setup where I used it as a router with various NICs (obviously, in and out) and WIFI. Plus I managed what was allowed between the different networks and LAN segments. I haven't kept anything but, from memory, there were some similar examples of rules on the web for LAN segmenting, pass through, etc.

It didn't work initially and I spent a lot of time working on it until I accidentally shut down pfSense. Although I had understood that the rules would take without a restart, apparently that's what was needed.




The electrosaurs are dying out!
• 56kg HP Color LaserJet behemoth - will it ever die?
• 61kg HP Netserver brontosaurus - Extinct 2010
• 32kg Compaq Proliant goliath - Extinct 2010
• 31kg 21" IBM CRT gargantua - Extinct 2010

2382 posts

Uber Geek

Trusted
Subscriber

  Reply # 555463 8-Dec-2011 13:45 Send private message

You'll want to put a block rule on the WLAN interface to the LAN network and then underneath that do an allow all to everywhere. That will do what you want.







983 posts

Ultimate Geek

Subscriber

  Reply # 555614 8-Dec-2011 18:57 Send private message

Ah so I just haven't been ordering the rules properly. Will keep playing around. Thanks!



983 posts

Ultimate Geek

Subscriber

  Reply # 555621 8-Dec-2011 19:21 Send private message

Worked like a charm. I can understand it now. You set the base allow rule and then just build on that. Thanks heaps!!
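The rule orderings discussed in this thread, as an added example that is not from any of the posters: a small Python model of first-match evaluation on the interface where a packet enters, with an implicit deny when nothing matches. The host addresses, the /24 masks and the `WAN_NET` subnet are constructed, and reading the first attempt as a pass rule to the WAN port's own subnet is an assumption.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")      # network from the thread, /24 assumed
WLAN = ip_network("192.168.100.0/24")   # network from the thread, /24 assumed
ANY = ip_network("0.0.0.0/0")
WAN_NET = ip_network("203.0.113.0/24")  # constructed: subnet of the WAN port itself

def evaluate(rules, in_iface, src, dst):
    """Return the action of the first rule on the ingress interface that matches."""
    for iface, action, src_net, dst_net in rules:
        if iface != in_iface:
            continue  # rules on other interface tabs never see this packet
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action  # first match wins, later rules are not consulted
    return "block"  # nothing matched: implicit default deny

# Rule sets as (interface tab, action, source, destination), top to bottom.
BLOCK_THEN_ALLOW = [("WLAN", "block", WLAN, LAN),   # order from reply # 555463
                    ("WLAN", "pass", WLAN, ANY)]
ALLOW_THEN_BLOCK = [("WLAN", "pass", WLAN, ANY),    # block rule is shadowed
                    ("WLAN", "block", WLAN, LAN)]
BLOCK_ON_LAN_TAB = [("WLAN", "pass", WLAN, ANY),
                    ("LAN", "block", WLAN, LAN),    # WLAN traffic never enters here
                    ("LAN", "pass", LAN, ANY)]
PASS_TO_WAN_NET_ONLY = [("WLAN", "pass", WLAN, WAN_NET)]  # assumed first attempt

def verdicts(rules):
    """Check a WLAN client reaching a LAN host and an internet host (constructed IPs)."""
    client = "192.168.100.50"
    return {"wlan->lan": evaluate(rules, "WLAN", client, "192.168.1.10"),
            "wlan->internet": evaluate(rules, "WLAN", client, "198.51.100.7")}

if __name__ == "__main__":
    for name, rules in [("block then allow", BLOCK_THEN_ALLOW),
                        ("allow then block", ALLOW_THEN_BLOCK),
                        ("block on LAN tab", BLOCK_ON_LAN_TAB),
                        ("pass to WAN net only", PASS_TO_WAN_NET_ONLY)]:
        print(f"{name:22} {verdicts(rules)}")
```

Only the block-then-allow order isolates the LAN while keeping internet access; in the other orderings the block rule is either shadowed by the earlier pass rule or sits on an interface the WLAN traffic never enters.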
