cross-posted to: https://sh.itjust.works/post/14114626
If the rule is about forwarding traffic from the lan
interface to the wan
interface, then why is there also a forward rule? How would inputs, and outputs make any sense if the rule is talking about forwarding? What does it mean for wan
to forward to REJECT
? I interperet that as saying that wan
doesn't go anywhere, but that wouldn't make sense given that the router can send, and receive over the internet.
For example I would interperet the first rule as follows:
lan => wan
: the conditions for which connections from the lan
interface are forwarded to to the wan
interface.
Input: accept
: the lan
interface accepts all connections originating from the network (I wouldn't understand the point of setting this to be reject
).
Output: accept
: all connections exiting the wan
interface are accepted (again, I'm not sure what the point of this would be).
Forward: accept
: forwarding of packets from lan
to wan
is allowed.
- Masquerade: I honestly don't know what the effect of enabling this would be. What would it mean to masquerade the
lan
interface?
I tried finding documentation, and I did come across this, and this, but, from what I could understand, they didn't really answer any of my questions.
Isn't the lan -> wan interfaces refering to your packets going outside your router and lan network to the outside world (internet?).
I vaguely remember the pfsense configuration I did a while ago, where the wan interface is actually the internet connection interface.
Maybe I'm wrong and misunderstood something, if so, please correct me !
yes, lan is the Local Area Network, wan is the Wide Area Network. The zone lan refers to the devices on the local side, wan to the great internet.