  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • How to enable restricted traffic between local networks?

Author Topic: How to enable restricted traffic between local networks?  (Read 2573 times)

Taomyn

How to enable restricted traffic between local networks?
« on: January 22, 2019, 09:44:14 am »

I have two separate local networks on my firewall, on different NICs each with its own subnet. One is designated LAN (192.168.1.x) the other GUEST_LAN (192.168.100.x) and each has their own access point set up. This is all working well without issues except for one thing - I cannot manage the AP or any other resources on GUEST_LAN whilst connected to LAN. It's not the end of the world as I can jump onto another device on GUEST_LAN, but it's sometimes a little frustrating.


Is there a safe way to enable access for all devices on LAN to access all devices on GUEST_LAN but not the other way? I'm not sure what I need to configure to get this working or if it's actually possible or even advisable to do this.

ab5g
Re: How to enable restricted traffic between local networks?
« Reply #1 on: January 22, 2019, 02:45:15 pm »
This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow
DIY Tech >> www.zero-ping.blog

Taomyn

Re: How to enable restricted traffic between local networks?
« Reply #2 on: January 22, 2019, 04:10:05 pm »
Quote from: ab5g on January 22, 2019, 02:45:15 pm
This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow


I already have a rule on the LAN part of the firewall doing exactly that, yet I cannot contact anything on the other network from either network. It's the default rule.

Nico
Re: How to enable restricted traffic between local networks?
« Reply #3 on: January 23, 2019, 01:43:46 pm »
Enable logging for certain rules and see if an earlier rule applies or if those rules apply at all.

Taomyn
Re: How to enable restricted traffic between local networks?
« Reply #4 on: January 23, 2019, 02:36:24 pm »
Quote from: Nico on January 23, 2019, 01:43:46 pm
Enable logging for certain rules and see if an earlier rule applies or if those rules apply at all.


For LAN and GUEST_LAN I only have the default allow rules, all the other rules under "Floating" and "WAN" are for external networks.


I tried to add a source:"LAN net", destination "GUEST_LAN net" under "GUEST_LAN" but that made no difference.
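
A simplified model of how the rule layout from Reply #1 is expected to behave, and of why the extra rule from Reply #4 sits on a tab where it never matches: rules on an interface tab apply to packets arriving on that interface, and replies are passed by connection state. This is an added example, not code from the thread or from OPNsense; the /24 masks and the `Firewall` class with its names are assumptions.

```python
import ipaddress

# Subnets from the thread; the /24 prefix lengths are an assumption.
NETS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
        "GUEST_LAN": ipaddress.ip_network("192.168.100.0/24")}

# Rules per interface tab: (source, destination, negate_destination).
# All are "allow" rules; "any" matches every address.
REPLY1_RULES = {
    "LAN": [("LAN", "any", False)],
    "GUEST_LAN": [("GUEST_LAN", "LAN", True)],   # Destination !LAN net
}
# Reply #4 variant: extra rule placed on the GUEST_LAN tab.
REPLY4_RULES = {
    "LAN": [("LAN", "any", False)],
    "GUEST_LAN": [("LAN", "GUEST_LAN", False), ("GUEST_LAN", "LAN", True)],
}

def in_net(name, addr):
    return name == "any" or addr in NETS[name]

class Firewall:
    """Toy stateful filter: rules are checked only on the interface where a
    packet arrives, first match wins, and no match means block."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()   # (src, dst) of connections already allowed
        self.hits = {}        # (interface, rule index) -> match count

    def packet(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, src) in self.states:
            return "pass (state)"          # reply to an allowed connection
        # Ingress interface is the one whose subnet holds the source address.
        iface = next((n for n, net in NETS.items() if src in net), None)
        for i, (rsrc, rdst, negate) in enumerate(self.rules.get(iface, [])):
            if in_net(rsrc, src) and in_net(rdst, dst) != negate:
                self.states.add((src, dst))
                self.hits[(iface, i)] = self.hits.get((iface, i), 0) + 1
                return "pass"
        return "block"
```

The `hits` counter plays the role of the per-rule logging suggested in Reply #3: a rule that never appears there was never evaluated against matching traffic.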

Nico
Re: How to enable restricted traffic between local networks?
« Reply #5 on: January 23, 2019, 02:40:11 pm »
Yet again: enable logging for those to see if they match or not.

Taomyn
Re: How to enable restricted traffic between local networks?
« Reply #6 on: January 23, 2019, 04:09:42 pm »
I enabled logging and also the extra logging from the system settings, and the only hits for the IPs on GUEST_LAN were these