In review, I'd like to grant full access to the internet for all
computers on LAN (private, wired, my machines) and LAN2 (wireless
segment - friends, families, neighbors). I'd like to make LAN
invisible as far as LAN2 is concerned, yet allow my laptop to access
LAN when it is attached to LAN2 wirelessly.
I may not have been totally clear... I still need my LAN2 to see the
internet, so the first rule WAS:
PASS | Proto: * | Source: LAN2 net | Port: * | Destination: * | Port: * | Gateway: *
So I changed it as such
PASS | Proto: * | Source: * | Port: * | Destination: WAN address | Port: * | Gateway: * (Pass LAN2 to wan)
PASS | Proto: * | Source: 192.168.12.99 | Port: * | Destination: * | Port: * | Gateway: * (Pass Powerbook to LAN)
PASS | Proto: * | Source: LAN2 net | Port: * | Destination: ! LAN net | Port: * | Gateway: * (Block LAN2 from LAN)
It seems to work...
Have I introduced any sort of horrible security issue by doing this?
Thanks for the help.
On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote:
First create a DHCP-server for the LAN2 segment at
services|dhcpserver|lan2-tab and add a static mapping for the mac of your
notebook.
Then go to firewall|rules|lan2tab
Add a rule: pass, protocol any, source (IP of notebook),
destination any, gateway default
Below this add a rule: pass protocol any, source lan2 net,
destination NOT LAN, gateway default
That's all that is needed.
Holger
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, February 26, 2007 10:39
To: [email protected]
Subject: [pfSense Support] new user... need help with Rules
I have pfSense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an address
via DHCP from local cable provider. LAN (192.168.12.1) is my (soon to be)
private network, and LAN2 (192.168.12.1) has a couple of wireless
bridges|APs at 192.168.12.253 & 254. What I need to do is create a rule
that blocks traffic between LAN2 and LAN, yet still allows my laptop
(192.168.12.99, assigned via MAC|static) to access LAN while wirelessly
connected to LAN2. Any help or guidance on this is much appreciated.
Mahalo,
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
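The three LAN2 rules posted at the top of this thread, run through a first-match evaluator with an implicit default deny (an added example, not part of the original messages and not pfSense code). The LAN and LAN2 subnets and the WAN IP are constructed assumptions; only 192.168.12.99 comes from the thread. In pfSense, "WAN address" is the firewall's own WAN interface IP, so the output shows which rule actually carries Internet-bound traffic.

```python
import ipaddress as ip

# Constructed addressing: assumptions, except the laptop IP from the thread.
LAN_NET = ip.ip_network("192.168.11.0/24")   # assumed LAN subnet
LAN2_NET = ip.ip_network("192.168.12.0/24")  # assumed LAN2 subnet
WAN_ADDR = ip.ip_network("203.0.113.10/32")  # assumed firewall WAN IP
LAPTOP = ip.ip_network("192.168.12.99/32")   # static mapping from the thread
ANY = ip.ip_network("0.0.0.0/0")

# (description, source, destination, negate_destination), in posted order.
# All three are PASS rules on the LAN2 tab.
RULES = [
    ("Pass LAN2 to wan", ANY, WAN_ADDR, False),
    ("Pass Powerbook to LAN", LAPTOP, ANY, False),
    ("Block LAN2 from LAN", LAN2_NET, LAN_NET, True),
]


def evaluate(src, dst, rules=RULES):
    """Return the description of the first PASS rule matching a packet that
    enters on LAN2, or 'default deny' when no rule matches."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for desc, src_net, dst_net, negate in rules:
        dst_match = (d in dst_net) != negate  # "!" inverts the destination
        if s in src_net and dst_match:
            return desc
    return "default deny"


def report():
    """Evaluate constructed sample packets; returns {case: matching rule}."""
    cases = {
        "guest -> internet": ("192.168.12.50", "198.51.100.7"),
        "guest -> LAN host": ("192.168.12.50", "192.168.11.20"),
        "guest -> firewall WAN IP": ("192.168.12.50", "203.0.113.10"),
        "laptop -> LAN host": ("192.168.12.99", "192.168.11.20"),
        "laptop -> internet": ("192.168.12.99", "198.51.100.7"),
    }
    return {name: evaluate(s, d) for name, (s, d) in cases.items()}


if __name__ == "__main__":
    for name, rule in report().items():
        print(f"{name:26} {rule}")
```

Guest traffic to the Internet is passed by the third rule (destination not LAN), while the first rule only matches packets addressed to the firewall's own WAN IP.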