Score:0

pfSense - How to allow traffic only to the internet for part of hosts?

I have computers on my network that I want to allow access to LAN resources - I created an alias with their IP addresses (LAN_WHITELIST). For the other devices I would like to allow Internet access only.

So I have also created an alias for private networks: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - INTERNAL_NET.

My rules look as follows: [image: rules]

That is, I pass LAN_WHITELIST to INTERNAL_NET. I block everything that is not in LAN_WHITELIST to INTERNAL_NET. The rest of the rules are default.

Right now:

  • the computers with LAN_WHITELIST have access to the Internet and to the LAN servers. This is OK.
  • the computers outside of LAN_WHITELIST do not have access to the Internet, but they do have access to the LAN servers. This is WRONG.

How do I correct the rules to make this work as I need it to?

EDIT: I just understood that I need to give access to the pfSense for non-LAN_WHITELIST hosts, because they receive its address as DNS (192.168.0.1). So now it looks like !LAN_WHITELIST hosts have Internet access. [image: rules2]

EDIT2: Could it be that the traffic doesn't go via the router, so I can't block it with firewall rules? All hosts and servers are in the same local network.
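
The setup described in the question, modelled as an added example that is not part of the original post: it evaluates the rules in first-match order and first checks whether a flow ever enters the pfSense LAN interface. The /24 mask, the whitelist member 192.168.0.10 and the exact rule order are assumptions, since the post gives only the aliases and the pfSense address 192.168.0.1.

```python
import ipaddress

# Aliases from the question. The whitelist member and the LAN mask are
# constructed assumptions; the post only states 192.168.0.1 for pfSense.
INTERNAL_NET = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN_WHITELIST = {ipaddress.ip_address("192.168.0.10")}  # constructed
LAN_SUBNET = ipaddress.ip_network("192.168.0.0/24")     # assumed mask
PFSENSE = ipaddress.ip_address("192.168.0.1")


def in_internal(ip):
    return any(ip in net for net in INTERNAL_NET)


# LAN-interface rules as described in the post, evaluated top down
# (first match wins). Order is modelled from the text, not the screenshots.
RULES = [
    ("pass", lambda s, d: s in LAN_WHITELIST and in_internal(d)),
    ("pass", lambda s, d: s not in LAN_WHITELIST and d == PFSENSE),  # DNS, per EDIT
    ("block", lambda s, d: s not in LAN_WHITELIST and in_internal(d)),
    ("pass", lambda s, d: True),  # default "allow LAN to any" rule
]


def reaches_firewall(dst):
    """Hosts resolve same-subnet destinations via ARP and send frames directly;
    only traffic to the gateway itself or to other subnets enters pfSense."""
    return dst == PFSENSE or dst not in LAN_SUBNET


def verdict(src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not reaches_firewall(dst):
        return "switched on L2, never filtered"
    for action, match in RULES:
        if match(src, dst):
            return action
    return "block"  # implicit deny if nothing matched


if __name__ == "__main__":
    for s, d in [("192.168.0.50", "192.168.0.20"), ("192.168.0.50", "8.8.8.8"),
                 ("192.168.0.50", "10.1.2.3"), ("192.168.0.10", "10.1.2.3")]:
        print(f"{s} -> {d}: {verdict(s, d)}")
```

In this model the block rule only takes effect for destinations outside the hosts' own subnet; rules on the LAN interface can separate whitelisted and non-whitelisted hosts from the servers only when they sit in different subnets or VLANs, so that the traffic is routed through pfSense.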
