cross-posted to: https://sh.itjust.works/post/14114626


If the rule is about forwarding traffic from the lan interface to the wan interface, then why is there also a forward rule? How would inputs, and outputs make any sense if the rule is talking about forwarding? What does it mean for wan to forward to REJECT? I interperet that as saying that wan doesn’t go anywhere, but that wouldn’t make sense given that the router can send, and receive over the internet.

For example I would interperet the first rule as follows:

  • lan => wan: the conditions for which connections from the lan interface are forwarded to to the wan interface.
  • Input: accept: the lan interface accepts all connections originating from the network (I wouldn’t understand the point of setting this to be reject).
  • Output: accept: all connections exiting the wan interface are accepted (again, I’m not sure what the point of this would be).
  • Forward: accept: forwarding of packets from lan to wan is allowed.
  • Masquerade: I honestly don’t know what the effect of enabling this would be. What would it mean to masquerade the lan interface?

I tried finding documentation, and I did come across this, and this, but, from what I could understand, they didn’t really answer any of my questions.

  • N0x0n@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    Isn’t the lan -> wan interfaces refering to your packets going outside your router and lan network to the outside world (internet?).

    I vaguely remember the pfsense configuration I did a while ago, where the wan interface is actually the internet connection interface.

    Maybe I’m wrong and misunderstood something, if so, please correct me !

    • Victoria@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      3
      ·
      9 months ago

      yes, lan is the Local Area Network, wan is the Wide Area Network. The zone lan refers to the devices on the local side, wan to the great internet.