Hi,
I have created a new VLAN (10). That VLAN needs access to internet, and certain LAN services.
DHCP is working fine, and I have added port 53 for access to Unbound DNS on the firewall. However, when I want to allow HTTP to internet, it does not work. The destination "WAN net" does not work. When I allow * as destination, it does work, but that also allows access to LAN resources using HTTP, which is something I don't want.
What am I doing wrong?
"WAN net" is the network directly connected to your WAN interface. "The Internet" is "*".
To achieve what you need, keep in mind that firewall rules are evaluated in order. So on your VLAN interface create these rules:
action: permit
source: any or VLAN net
destination: those certain LAN services (use e.g. a group alias)
Possibly more rules like the above depending on the granularity and the combinations of hosts and services
Then:
action: deny
source: any
destination: LAN net
Then:
action: permit
source: any
destination: *
HTH,
Patrick
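Added illustration of the ordering described in the reply above (this is example code, not part of Patrick's post and not OPNsense's own code): a small first-match rule walker with constructed networks, so you can see why "WAN net" as destination never matches an Internet address, why "*" alone also covers LAN net, and why the deny-to-LAN rule has to sit above the permit-to-"*" rule. All addresses, the `LAN_SERVICES` alias and the rule names are assumptions.

```python
"""First-match evaluation of an interface rule set (added example, not OPNsense code).

Models the pf-style behaviour the reply relies on: rules on an interface are
walked top to bottom and the first match decides; no match means deny.
"""
import ipaddress

# Constructed topology (assumptions, not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
VLAN10_NET = ipaddress.ip_network("192.168.10.0/24")
WAN_NET = ipaddress.ip_network("198.51.100.0/24")        # "WAN net": the subnet on the WAN port
FIREWALL_VLAN_IP = ipaddress.ip_network("192.168.10.1/32")  # firewall address on VLAN 10 (Unbound)
ANY = None  # stands for "*"

# Constructed alias for "those certain LAN services": list of (network, port).
LAN_SERVICES = [
    (ipaddress.ip_network("192.168.1.20/32"), 445),  # hypothetical file server, SMB only
]


def matches(rule, src_ip, dst_ip, dst_port):
    """True if the packet hits this rule's source and any of its destinations."""
    if rule["src"] is not ANY and src_ip not in rule["src"]:
        return False
    for net, port in rule["dsts"]:
        if (net is ANY or dst_ip in net) and (port is None or port == dst_port):
            return True
    return False


def evaluate(rules, src, dst, dst_port):
    """Walk the rules in order; first match wins, otherwise the implicit default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, src_ip, dst_ip, dst_port):
            return rule["action"], rule["name"]
    return "deny", "default deny"


# The rule set from the reply, in the order it must be kept.
RULES_FROM_REPLY = [
    {"name": "allow DNS to firewall", "action": "permit", "src": VLAN10_NET,
     "dsts": [(FIREWALL_VLAN_IP, 53)]},
    {"name": "allow LAN services alias", "action": "permit", "src": VLAN10_NET,
     "dsts": LAN_SERVICES},
    {"name": "block LAN net", "action": "deny", "src": ANY,
     "dsts": [(LAN_NET, None)]},
    {"name": "allow everything else", "action": "permit", "src": ANY,
     "dsts": [(ANY, None)]},
]

# The rule from the question that "does not work": HTTP with destination "WAN net".
RULES_WAN_NET_ONLY = [
    {"name": "allow HTTP to WAN net", "action": "permit", "src": VLAN10_NET,
     "dsts": [(WAN_NET, 80)]},
]


if __name__ == "__main__":
    client = "192.168.10.5"  # constructed VLAN 10 host
    cases = [
        (RULES_FROM_REPLY, "203.0.113.10", 80),   # Internet web server -> permitted by "*"
        (RULES_FROM_REPLY, "192.168.1.10", 80),   # LAN web server -> blocked before "*"
        (RULES_FROM_REPLY, "192.168.1.20", 445),  # alias member/port -> permitted
        (RULES_FROM_REPLY, "192.168.10.1", 53),   # Unbound on the firewall -> permitted
        (RULES_WAN_NET_ONLY, "203.0.113.10", 80), # "WAN net" does not contain the Internet
    ]
    for rules, dst, port in cases:
        print(f"{client} -> {dst}:{port}: {evaluate(rules, client, dst, port)}")
```

Swapping the last two rules of `RULES_FROM_REPLY` (permit "*" above deny "LAN net") makes the LAN web server reachable again, which is exactly the behaviour the question describes when "*" is the only destination rule.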
As I'm new to OPNsense, the fact that "*" is the internet is IMHO a bit confusing, as putting "*" as destination also allows access to LAN.
But this does help a lot. Thanks Patrick.
br,
Bram