OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: rusty dreamcast on April 26, 2021, 01:53:31 am
-
Started delving into VLANs today.
I have some mains switches that just need to talk to my MQTT broker on Home Assistant; no internet access required.
I put them on a separate VLAN and added a pass rule to a single host with the IP address of my Home Assistant on my main LAN.
Problem is, when this rule is in place I can ping every IP in the main LAN from the VLAN, not just Home Assistant. How do I lock this down?
Thanks, rusty
-
Hi, can you show the rules?
-
This is the only rule I've made on the VLAN interface. This is very new to me.
-
Are there any firewall rules on the (untagged) parent interface? These can also affect VLAN traffic.
Cheers
Maurice
-
Hello,
An idea, not sure ...
After your rule that gives access to this IP, maybe you need to add another rule to block all other traffic/access to the LAN?
-
Are there any firewall rules on the (untagged) parent interface? These can also affect VLAN traffic.
I have heard this before, and I cannot reproduce this; parent interface rules don't seem to apply to its VLANs, thankfully.
-
This is the only rule I've made on the VLAN interface. This is very new to me.
192.168.1.193/24 will route to all addresses between 192.168.1.0 - 192.168.1.255.
Set the "24" to "32":
192.168.1.193/32 - This will route only to the address shown.
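
[Added example, not part of the original post or of OPNsense:] The /24 versus /32 difference described above, as a small Python audit that flags pass-rule destinations naming a host address but carrying a wider mask. The rule list and descriptions are constructed, and it assumes the firewall matches on the masked network, as the reply describes.

```python
import ipaddress

# Constructed sample rules (not taken from the thread's screenshot): each is a
# pass rule on the VLAN interface, with the destination as typed into the GUI.
RULES = [
    {"descr": "IoT to MQTT broker (as posted)", "dst": "192.168.1.193/24"},
    {"descr": "IoT to MQTT broker (corrected)", "dst": "192.168.1.193/32"},
    {"descr": "IoT to whole LAN (intentional)", "dst": "192.168.1.0/24"},
]

def effective_network(dst):
    """Network a CIDR destination actually matches: host bits are masked off."""
    return ipaddress.ip_interface(dst).network

def matches(dst, addr):
    """True if a packet to addr would match a rule with destination dst."""
    return ipaddress.ip_address(addr) in effective_network(dst)

def audit(rules):
    """Flag destinations that name a host address but carry a wider mask."""
    findings = []
    for rule in rules:
        iface = ipaddress.ip_interface(rule["dst"])
        net = iface.network
        # Host bits set plus a mask shorter than a host mask usually means
        # the author intended a single host.
        if iface.ip != net.network_address and net.prefixlen < net.max_prefixlen:
            findings.append((rule["descr"], str(net), net.num_addresses,
                             f"{iface.ip}/{net.max_prefixlen}"))
    return findings

if __name__ == "__main__":
    for descr, net, count, fix in audit(RULES):
        print(f"{descr}: matches {net} ({count} addresses); single host is {fix}")
    for dst in ("192.168.1.193/24", "192.168.1.193/32"):
        print(dst, "matches 192.168.1.10:", matches(dst, "192.168.1.10"))
```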
-
Thanks, I'll try that at the weekend. Can't mess with the network midweek as people working from home need it to be stable.