OPNsense Forum

English Forums => General Discussion => Topic started by: SaltyPilchard on October 27, 2023, 04:20:19 AM

Title: Game server help needed
Post by: SaltyPilchard on October 27, 2023, 04:20:19 AM
Hi, I am only new to OPNsense and I have limited knowledge and need some help.

I have multiple VLANs for each room of the house and I have set up a game server on Vlan20/DMZgame and I am trying to access it on a PC Vlan10/DalePC as well as multiple other Windows 10 PCs on different VLANs.
I also need file sharing between Vlan20/DMZgame to and from Vlan10/DalesPC.
Title: Re: Game server help needed
Post by: cookiemonster on October 27, 2023, 10:09:54 AM
On the VLAN interface where the machine(s) are connecting _from_, you need to create a firewall rule allowing traffic. In the fields you fill in what you need, and the destination is what you need to connect _to_.
Title: Re: Game server help needed
Post by: SaltyPilchard on October 27, 2023, 03:20:39 PM
OK, thanks.
So for source do I use net or address?
What about destination?
And the others would be any?
Title: Re: Game server help needed
Post by: CJ on October 27, 2023, 03:46:29 PM
Can you elaborate on your reasoning behind having VLANs for each room?  I've not seen a setup like that and I'm wondering what requirements prompted it.
Title: Re: Game server help needed
Post by: SaltyPilchard on October 27, 2023, 05:03:50 PM
Well, at the time I thought it was a safer option: if someone got into one device it would be harder to get to the rest of them.
Like I said, I'm only new to networking.
Title: Re: Game server help needed
Post by: SaltyPilchard on October 28, 2023, 02:24:34 PM
So I have tried this rule with no success.
Not sure that's right.
I also added the game ports and Windows SMB ports.
Title: Re: Game server help needed
Post by: CJ on October 29, 2023, 03:14:33 PM
Quote from: SaltyPilchard on October 27, 2023, 05:03:50 PM
Well, at the time I thought it was a safer option: if someone got into one device it would be harder to get to the rest of them.
Like I said, I'm only new to networking.

It can be, but as you're discovering it makes for a lot more work in order to use things.

Anything accessible from the internet should definitely be in a DMZ and you don't want that DMZ being able to get out to anything else on your network as that's the whole point of the DMZ.  But having multiple machines in the LAN is fairly safe, especially if you're keeping up with security on all of them.
Title: Re: Game server help needed
Post by: CJ on October 29, 2023, 03:20:05 PM
Quote from: SaltyPilchard on October 28, 2023, 02:24:34 PM
So I have tried this rule with no success.
Not sure that's right.
I also added the game ports and Windows SMB ports.

This seems to be another bit of confusion in regards to the direction of rules and ports.

Your computer is connecting to the game server.  Therefore connections go OUT from your computer, IN to OPNsense, then OUT from OPNsense and IN to the game server.

So the rule should be on the in side of the OPNsense interface the computer is on, not the one the game server is on.

Regarding source ports: there's rarely any reason to change them from any, as they are generally randomly chosen.  The destination ports are what you need to be concerned with.

Can you post a network diagram and your existing firewall rules?  A lot of this would have automatically worked in the default LAN setup with just an added DMZ.  The fact that you've added a bunch of VLANs means that it's impossible to tell what the existing connectivity state is.
Title: Re: Game server help needed
Post by: cookiemonster on October 29, 2023, 03:21:24 PM
Quote from: SaltyPilchard on October 28, 2023, 02:24:34 PM
So I have tried this rule with no success.
Not sure that's right.
I also added the game ports and Windows SMB ports.

Can you try the ports the other way around? That is, source any and destination the ports alias. Most traffic is from random ports. It's the destination port that is of most relevance.
Example: SSH. That protocol uses port 22. When initiating a connection to a server listening on port 22, the client will use a random source port, with destination 22.
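
Added example (not part of any post in this thread, and not OPNsense code): a simplified Python model of per-interface, first-match, default-deny filtering that shows why a rule with the service ports entered as source ports, placed on the server's interface, never matches the PC's connection, while the corrected rule does. The interface names come from the thread; the subnets, host addresses and game port 27015 are constructed placeholders, and 445 is the standard SMB port.

```python
# Simplified model (an assumption of this example, not OPNsense code): each
# interface has an ordered rule list checked only against new connections
# ARRIVING on that interface; first match wins, no match means block.
# Replies to an allowed connection ride on its state and need no rule.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = None  # "any" in the rule editor

@dataclass
class Rule:
    action: str        # "pass" or "block"
    src_net: str
    src_ports: object  # ANY or a set of port numbers
    dst_net: str
    dst_ports: object  # ANY or a set of port numbers

def _port_ok(allowed, port):
    return allowed is ANY or port in allowed

def evaluate(rules_by_iface, in_iface, src, sport, dst, dport):
    """Verdict for a new connection entering the firewall on in_iface."""
    for r in rules_by_iface.get(in_iface, []):
        if (ip_address(src) in ip_network(r.src_net)
                and ip_address(dst) in ip_network(r.dst_net)
                and _port_ok(r.src_ports, sport)
                and _port_ok(r.dst_ports, dport)):
            return r.action
    return "block"  # default deny

# Constructed values: subnets, host addresses and the game port are made up.
PC_NET, GAME_NET = "192.168.10.0/24", "192.168.20.0/24"
PC, SERVER = "192.168.10.50", "192.168.20.10"
SERVICE_PORTS = {27015, 445}  # placeholder game port + SMB

# The two mistakes the replies point at: service ports entered as SOURCE
# ports, and the rule placed on the server's interface.
wrong = {"Vlan20/DMZgame": [Rule("pass", PC_NET, SERVICE_PORTS, GAME_NET, ANY)]}
# Corrected: client's interface, source port any, destination = service ports.
right = {"Vlan10/DalePC": [Rule("pass", PC_NET, ANY, GAME_NET, SERVICE_PORTS)]}

def demo():
    # The PC picks a random ephemeral source port (51734 here).
    conn = ("Vlan10/DalePC", PC, 51734, SERVER, 27015)
    return evaluate(wrong, *conn), evaluate(right, *conn)

if __name__ == "__main__":
    print(demo())
```

With only the corrected rule in place, a new connection started from the game server toward the PC still hits the default deny, because no pass rule exists on the Vlan20/DMZgame interface.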