OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: stanthewizzard on April 13, 2021, 10:05:24 AM

Title: Access rule LAN
Post by: stanthewizzard on April 13, 2021, 10:05:24 AM
Hello

I have these rules for LAN (192.168.0.0) and Livebox is 192.168.1.1

Action  Dir  Ver   Proto  Source  Src port   Destination  Dst port   Gateway  Schedule  Description
deny    in   IPv4  TCP    ! *     80 (HTTP)  Livebox      80 (HTTP)  *        *
allow   in   IPv4  *      *       *          *            *          *        *         Default allow LAN to any rule
allow   in   IPv6  *      *       *          *            *          *        *         Default allow LAN IPv6 to any rule

BUT
I can still access Livebox from any machine on LAN.

What am I not understanding?

Thanks for help
Title: Re: Access rule LAN
Post by: chemlud on April 13, 2021, 10:17:10 AM
You simply can't control LAN traffic, it goes directly from client to client and never reaches the OPNsense....
Title: Re: Access rule LAN
Post by: lfirewall1243 on April 13, 2021, 11:12:14 AM
You'll need to separate your network into different subnets to make the traffic pass OPNsense
Title: Re: Access rule LAN
Post by: juere on April 13, 2021, 11:16:44 AM
Quote from: chemlud on April 13, 2021, 10:17:10 AM
You simply can't control LAN traffic, it goes directly from client to client and never reaches the OPNsense....
Quote from: lfirewall1243 on April 13, 2021, 11:12:14 AM
You'll need to separate your network into different subnets to make the traffic pass OPNsense
both definitely true, but maybe not applicable to stanthewizzard's problem.
His "Livebox" (whatever this is) seems to live in a different network segment 192.168.1.0/24.

I think the firewall rule is wrong in two aspects

- the negation of source "any"
- the specification of source port "80"

and should read

Action  Dir  Ver   Proto  Source  Src port  Destination  Dst port   Gateway  Schedule
deny    in   IPv4  TCP    *       *         Livebox      80 (HTTP)  *        *
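The two defects juere points out (the inverted "any" source and the source port of 80) can be checked with a small first-match rule evaluator. This is an added example, not OPNsense code and not written by any poster in the thread: it models the IPv4 rules quoted above with strict set semantics (so an inverted "any" source is the empty set and matches nothing), assumes the Livebox alias resolves to 192.168.1.1/32, and feeds it a constructed packet from a LAN client to the Livebox web interface. The intermediate PORT_FIXED rule set is mine as well, to show that removing only the negation is not enough.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical alias table standing in for the OPNsense "Livebox" alias (constructed).
ALIASES = {"Livebox": "192.168.1.1/32"}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None means any protocol ("*" in the GUI)
    src: Optional[str] = None    # None means any address
    src_invert: bool = False     # the "!" / invert flag on the source
    sport: Optional[int] = None  # None means any port
    dst: Optional[str] = None
    dst_invert: bool = False
    dport: Optional[int] = None
    description: str = ""


def _addr_match(addr: str, spec: Optional[str], invert: bool) -> bool:
    """Address match with strict set semantics: 'any' matches every address,
    so an inverted 'any' is the empty set and matches nothing (assumption)."""
    if spec is None:
        hit = True
    else:
        net = ipaddress.ip_network(ALIASES.get(spec, spec), strict=False)
        hit = ipaddress.ip_address(addr) in net
    return (not hit) if invert else hit


def _port_match(port: int, spec: Optional[int]) -> bool:
    return spec is None or spec == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    return (
        (rule.proto is None or rule.proto == pkt.proto)
        and _addr_match(pkt.src, rule.src, rule.src_invert)
        and _port_match(pkt.sport, rule.sport)
        and _addr_match(pkt.dst, rule.dst, rule.dst_invert)
        and _port_match(pkt.dport, rule.dport)
    )


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins (OPNsense GUI rules are 'quick' by default);
    no match falls through to the implicit default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# The IPv4 rules as posted by stanthewizzard.
ORIGINAL = [
    Rule("deny", proto="TCP", src=None, src_invert=True, sport=80,
         dst="Livebox", dport=80, description="deny Livebox (as posted)"),
    Rule("allow", description="Default allow LAN to any rule"),
]

# Constructed intermediate: negation removed, but source port 80 kept.
PORT_FIXED = [
    Rule("deny", proto="TCP", sport=80, dst="Livebox", dport=80,
         description="deny Livebox (source port still 80)"),
    Rule("allow", description="Default allow LAN to any rule"),
]

# The rule as juere suggests it should read.
CORRECTED = [
    Rule("deny", proto="TCP", dst="Livebox", dport=80,
         description="deny LAN to Livebox:80 (as suggested)"),
    Rule("allow", description="Default allow LAN to any rule"),
]

# Constructed samples: a LAN client browsing to the Livebox on ports 80 and 443.
CLIENT_TO_LIVEBOX_HTTP = Packet("TCP", "192.168.0.10", 51234, "192.168.1.1", 80)
CLIENT_TO_LIVEBOX_HTTPS = Packet("TCP", "192.168.0.10", 51235, "192.168.1.1", 443)


if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("port fixed only", PORT_FIXED),
                        ("corrected", CORRECTED)]:
        print(f"{name:16s}: {evaluate(rules, CLIENT_TO_LIVEBOX_HTTP)}")
```

Running it shows the posted rule and the port-only fix both fall through to the "allow LAN to any" rule for a normal client connection (an ephemeral source port never equals 80, and the inverted "any" source matches nothing at all), while the corrected rule denies port 80 to the Livebox and still lets port 443 through.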
Title: Re: Access rule LAN
Post by: stanthewizzard on April 15, 2021, 08:56:38 PM
I understand the same subnet issue.
But Livebox is outside of it (so it should go through the fw)

I'll try asap the last rule suggested.

Thanks for your answers and time