Topic: Block traffic from opt1 to lan but allow to wan

tchadrack
Block traffic from opt1 to lan but allow to wan
« on: November 03, 2017, 02:00:09 pm »
I have three interfaces in pfSense: LAN, WAN and OPT1.

I want to let opt1 access the internet (wan) but not be able to access hosts in LAN.

I created these rules in opt1 but hosts in opt1 can 'see' the hosts in LAN.

If I change the first rule to anything else, internet stops working in opt1.

What am I missing here?

EDIT: I FOUND:

It happens only when I enable squid. The point is that I need squid to be enabled, so how can I block opt1 squid(ers) from accessing lan hosts?
« Last Edit: November 03, 2017, 02:14:04 pm by tchadrack »

tchadrack
Re: Block traffic from opt1 to lan but allow to wan
« Reply #1 on: November 03, 2017, 02:19:39 pm »
Ok, I've found the solution again, I needed to use this configuration:

Bypass Proxy for These Destination IPs : 192.168.1.0/24

Then the proxy is bypassed, and the firewall rules do not allow the LAN hosts.