The Sorrow
Posted September 1, 2011 (edited September 1, 2011)

My plan for my pfSense firewall is to have a LAN, Wireless Access Point interface, and a DMZ. I'm not sure how to allow access to the internet with all interfaces (unless I'm just missing something). I have three NICs and one built-in NIC. Here's an overview of my setup. It's a fresh install so I know I need to modify things to make it work (which I have, I just can't seem to figure it out).

WAN -> DHCP
LAN -> 10.10.1.0/24
DMZ -> 10.10.2.0/24
WAP -> 10.10.3.0/24

All the interfaces are statically assigned to *.*.*.254 for whatever range they belong to. I've heard that pfSense has NAT set up to allow all the interfaces access to the internet and to each other and all I have to do is set up firewall rules. I've tried allowing things and it never seems to work (i.e. allowing LAN to access DMZ so I can manage my DMZ boxes through LAN without allowing DMZ access to the LAN). So I'm not sure if I have a backwards idea of what I need to do or if I'm just crazy.

Thanks

Edit: had the CIDR notation incorrect. /16s instead of /24s

Infiltrator
Posted September 3, 2011

Don't know if you have seen this link, but you should give it a try and see how you go.

http://doc.pfsense.org/smiller/Add_WiFi_Interface.htm

ParMan
Posted September 6, 2011 (edited September 6, 2011)

This is also the pfSense Forum. They are very helpful. Might be wrong, I have not actually looked into pfSense configuration in a while, but you might need to bridge the connections.

The Sorrow (Author)
Posted September 8, 2011

Been trying their forums. They aren't too helpful :/

Infiltrator
Posted September 8, 2011 (edited September 8, 2011)

> Been trying their forums. They aren't too helpful :/

Did that link I provided you shed any light on your problem at all?

The Sorrow (Author)
Posted September 8, 2011 (edited September 8, 2011)

Not for what I'm doing, Infiltrator. That was a link that DID come in very helpful for setting up my wireless AP. My issue lies in the fact that pfSense does not allow access to anything unless a rule says it has access. By default there is a rule that states ALL computers from the LAN interface are ALLOWED to access ALL interfaces. I'm lost as to why I can't access a DMZ interface from my LAN. Kinda thinking about trying out m0n0wall.

Infiltrator
Posted September 8, 2011

> Not for what I'm doing, Infiltrator. That was a link that DID come in very helpful for setting up my wireless AP. My issue lies in the fact that pfSense does not allow access to anything unless a rule says it has access. By default there is a rule that states ALL computers from the LAN interface are ALLOWED to access ALL interfaces. I'm lost as to why I can't access a DMZ interface from my LAN. Kinda thinking about trying out m0n0wall.

If I had extra hardware lying around in my room, I would dive into this problem for you.

The Sorrow (Author)
Posted September 9, 2011

And that's why you are so awesome, Infiltrator!

ParMan
Posted September 12, 2011 (edited September 12, 2011)

Try this; the setup looks the same as pfSense. Let me know if this helps; if not, I will keep looking around.

-edit- Here is another one. Also look into the order of your rules. What you want to pass needs to come before the Deny all.

The Sorrow (Author)
Posted September 12, 2011

*Sticks foot in mouth* I had my PC set to a static IP with no gateway because I don't have cable internet yet (using wifi for internet right now), so once I put everything on DHCP (i.e. got a default gateway) everything works perfectly.

ParMan
Posted September 12, 2011

Good, I'm glad it all worked out for you.

The Sorrow (Author)
Posted September 12, 2011

Me too... feel kinda dumb though... But that's computers for you, I guess.