This is how I deal with wireless to internet access but not LAN.

Add a rule that says: Pass WLAN-subnet to destination NOT (!) LAN (meaning if it's not trying to access LAN then it's all good).

You can also add rules to drop connections from WLAN clients to destination firewall when port is 80/22 (GUI/ssh) etc. Then VPN into the firewall from WLAN zone to access LAN.

-lsf

On 2/28/07, Jeremy Bennett <[EMAIL PROTECTED]> wrote:
In review, I'd like to grant full access to the internet for all computers on LAN (private, wired, my machines) and LAN2 (wireless segment - friends, families, neighbors). I'd like to make LAN invisible as far as LAN2 is concerned, yet allow my laptop to access LAN when it is attached to LAN2 wirelessly.

I may not have been totally clear... I still need my LAN2 to see the internet, so the first rule WAS:

PASS | Proto: * | Source: LAN2 net | Port: * | Destination: * | Port: * | Gateway: *

So I changed it as such:

PASS | Proto: * | Source: * | Port: * | Destination: WAN address | Port: * | Gateway: *
(Pass LAN2 to wan)
PASS | Proto: * | Source: 192.168.12.99 | Port: * | Destination: * | Port: * | Gateway: *
(Pass Powerbook to LAN)
PASS | Proto: * | Source: LAN2 net | Port: * | Destination: ! LAN net | Port: * | Gateway: *
(Block LAN2 from LAN)

It seems to work... Have I introduced any sort of horrible security issue by doing this?

Thanks for the help.

> On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote:
>
>> First create a DHCP-server for the LAN2 segment at services|dhcpserver|lan2-tab and add a static mapping for the mac of your notebook.
>>
>> Then go to firewall|rules|lan2tab
>> Add a rule: pass, protocol any, source (IP of notebook), destination any, gateway default
>>
>> Below this add a rule: pass protocol any, source lan2 net, destination NOT LAN, gateway default
>>
>> That's all that is needed.
>>
>> Holger
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Monday, 26 February 2007 10:39
>> To: [email protected]
>> Subject: [pfSense Support] new user... need help with Rules
>>
>> I have pfSense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an address via DHCP from local cable provider. LAN (192.168.12.1) is my (soon to be) private network, and LAN2 (192.168.12.1) has a couple of wireless bridges|APs at 192.168.12.253 & 254. What I need to do is create a rule that blocks traffic between LAN2 and LAN, yet still allows my laptop (192.168.12.99, assigned via MAC|static) to access LAN while wirelessly connected to LAN2. Any help or guidance on this is much appreciated.
>>
>> Mahalo,
>> Jeremy

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
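Added example, not part of the original thread: a small Python model of first-match rule evaluation on the LAN2 tab, using the two rules Holger suggests and the GUI/ssh drop lsf mentions, to check which flows each ordering allows. The LAN subnet, the /24 masks and the firewall's LAN2 address are assumed values; only 192.168.12.99 comes from the thread.

```python
import ipaddress

# Constructed addressing (assumptions, except the laptop IP quoted in the thread).
LAN_NET = ipaddress.ip_network("192.168.11.0/24")    # assumed LAN subnet
LAN2_NET = ipaddress.ip_network("192.168.12.0/24")   # assumed /24 around the laptop IP
LAPTOP = ipaddress.ip_network("192.168.12.99/32")    # laptop address from the thread
FW_LAN2 = ipaddress.ip_network("192.168.12.1/32")    # assumed firewall address on LAN2
ANY = ipaddress.ip_network("0.0.0.0/0")


def rule(action, src, dst, negate_dst=False, ports=None):
    """One rule on the LAN2 tab; ports=None means any port."""
    return {"action": action, "src": src, "dst": dst,
            "negate_dst": negate_dst, "ports": ports}


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; unmatched traffic is blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        dst_hit = (d in r["dst"]) != r["negate_dst"]   # "NOT LAN" inverts the match
        port_hit = r["ports"] is None or port in r["ports"]
        if s in r["src"] and dst_hit and port_hit:
            return r["action"]
    return "block"


# The two suggested rules, in order: notebook exception first, then "anything but LAN".
BASE_RULES = [
    rule("pass", LAPTOP, ANY),
    rule("pass", LAN2_NET, LAN_NET, negate_dst=True),
]

# Same rules plus the GUI/ssh drop. It must sit above the broad pass rule to take
# effect; it is placed below the laptop rule here (a choice made for this example)
# so the notebook exception still applies.
HARDENED_RULES = [
    BASE_RULES[0],
    rule("block", LAN2_NET, FW_LAN2, ports={22, 80}),
    BASE_RULES[1],
]

if __name__ == "__main__":
    flows = [("192.168.12.50", "192.168.11.10", 445),  # guest -> LAN host
             ("192.168.12.50", "203.0.113.10", 443),   # guest -> internet
             ("192.168.12.50", "192.168.12.1", 80),    # guest -> firewall GUI
             ("192.168.12.99", "192.168.11.10", 445)]  # laptop -> LAN host
    for f in flows:
        print(f, evaluate(BASE_RULES, *f), evaluate(HARDENED_RULES, *f))
```

With only the two base rules, a LAN2 guest is kept off LAN but can still reach the firewall's own address on LAN2, which is the gap the extra drop rule closes.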
