OPNsense Forum

English Forums => General Discussion => Topic started by: o2cool on June 02, 2021, 05:38:37 pm

Title: Firewall Source/Dest setting question [SOLVED]
Post by: o2cool on June 02, 2021, 05:38:37 pm
Hello everyone, first time poster here, have been using OPNsense for many years now. I am building a new box for my network so I can retire the old one. So I am setting up the rules for the VLANs. I have tried searching Google for this, and after hours Google is no longer giving me results that contain the words I type into the search box. I just have one question.

What is the difference between interface net vs interface address?

VLAN setup:
VLAN 10: 172.17.150.0/26
VLAN 40: 192.168.245.0/24

For example, VLAN 40 and VLAN 10: I want to enable traffic from 40 to 10, so I put in an [allow] rule on interface VLAN 40 with source VLAN 40 net -> dest VLAN 10 net. And it works.

Now I want to test with VLAN address:
For example, VLAN 40 and VLAN 10: I want to enable traffic from 40 to 10, so I put in an [allow] rule on interface VLAN 40 with source VLAN 40 net -> dest VLAN 10 address. And it works.

I am testing by being able to ping a host and reach the web GUI on the other address. If I disable the rule then traffic is blocked as expected.

What is the difference, and when would I want to use network or address?
Title: Re: Firewall Source/Dest setting question
Post by: o2cool on June 02, 2021, 09:37:21 pm
Found the answer. Just had to give up and register on the forums for Google searches previously typed in to finally give relevant results. Looks like net is traffic to the subnet and address is traffic to network addresses (not sure what the difference is). (NET matches anything on that subnet, and address matches only the IP address assigned to the router on that subnet.)

So net would be the subnet 172.17.150.0/26
And address would be: 172.17.150.1

So pinging a device at 172.17.150.10 only works when Dest is set to net and not address, but I can ping the network's router in either setting.

So like most things, it works opposite to what makes sense to those that do not have a degree in iptables rules.
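The "net" versus "address" behaviour described in this thread, as an added, self-contained Python model (not OPNsense code and not from the poster): it resolves the two selector kinds against the thread's two VLANs and evaluates a rule list first-match-wins. The firewall's own addresses (.1 on each VLAN) are assumed, since the posts only give the subnets.

```python
import ipaddress
from dataclasses import dataclass

# Constructed interface table modelled on the thread's VLAN setup.
# The .1 gateway addresses are an assumption; the thread states only the subnets
# and that "<iface> address" means the IP the firewall itself holds on that VLAN.
INTERFACES = {
    "vlan10": {"net": "172.17.150.0/26", "address": "172.17.150.1"},
    "vlan40": {"net": "192.168.245.0/24", "address": "192.168.245.1"},
}


def resolve_selector(selector: str, interfaces=INTERFACES) -> ipaddress.IPv4Network:
    """Turn '<iface> net' or '<iface> address' into the address set it matches.
    'net' is the whole subnet; 'address' is a single /32 (the firewall's own IP)."""
    iface, kind = selector.split()
    entry = interfaces[iface]
    if kind == "net":
        return ipaddress.ip_network(entry["net"], strict=True)
    if kind == "address":
        return ipaddress.ip_network(entry["address"] + "/32")
    raise ValueError(f"unknown selector kind: {kind!r}")


@dataclass
class Rule:
    action: str       # "pass" or "block"
    interface: str    # interface the rule is attached to (informational here)
    source: str       # e.g. "vlan40 net"
    destination: str  # e.g. "vlan10 net" or "vlan10 address"


def rule_matches(rule: Rule, src_ip: str, dst_ip: str) -> bool:
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return (src in resolve_selector(rule.source)
            and dst in resolve_selector(rule.destination))


def decide(rules, src_ip: str, dst_ip: str) -> str:
    """First matching rule wins; with no match the default policy blocks."""
    for rule in rules:
        if rule_matches(rule, src_ip, dst_ip):
            return rule.action
    return "block"


NET_RULE = [Rule("pass", "vlan40", "vlan40 net", "vlan10 net")]
ADDR_RULE = [Rule("pass", "vlan40", "vlan40 net", "vlan10 address")]
```

With NET_RULE a VLAN 40 host reaches any VLAN 10 host (172.17.150.10 passes); with ADDR_RULE only the firewall's own 172.17.150.1 passes and 172.17.150.10 falls through to the default block, which is exactly the ping result reported above.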