OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: lonewolf7 on December 24, 2023, 03:44:02 PM

Title: Disallow https and ssh services from a host
Post by: lonewolf7 on December 24, 2023, 03:44:02 PM
Hello to everyone, I have a home network with the 192.168.1.0/24 subnet; the router is on 192.168.1.1. I made a fresh installation of OPNsense in a VMware VM with 2 adapters, 1 bridged for WAN and 1 host-only for LAN with IP 192.168.10.1. I also set up 1 Ubuntu VM in the 192.168.10.0/24 network with a host-only adapter. How can I disallow the traffic for HTTPS and SSH services for the Ubuntu VM? I tried to set 2 inbound and 2 outbound rules on the LAN interface for the specific host, but I can still connect to HTTPS and make/receive SSH connections. Thank you in advance.
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 24, 2023, 06:06:54 PM
Connect from where?
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 24, 2023, 06:07:51 PM
From other hosts to the restricted one via SSH.
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 24, 2023, 06:10:07 PM
What other hosts? On LAN? They go through the switch, you cannot do this on the firewall.
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 24, 2023, 06:13:39 PM
I want, for a host that has IP 192.168.6.10/24, to disable SSH services for incoming and outgoing connections. It can't be done?
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 24, 2023, 06:31:12 PM
Not when the Ubuntu VM is on the same interface/subnet as the hosts you want to block access from.
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 24, 2023, 06:52:18 PM
Can you guide me please what to do?
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 24, 2023, 06:55:22 PM
Put the VM on a new interface, like 192.168.100.0/24, not on LAN.
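
Added example, not part of any post in this thread: a small Python model of why the replies above say same-subnet traffic cannot be filtered on the firewall, and why moving the VM to its own interface changes that. The interface names (LAN, OPT1), the 192.168.100.1 and 192.168.100.10 addresses, the rule set, and the simplified first-match evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed topology using subnets from the thread; the interface names
# and the .1/.10 addresses on 192.168.100.0/24 are assumptions.
FIREWALL = {
    "LAN": ipaddress.ip_interface("192.168.6.1/24"),
    "OPT1": ipaddress.ip_interface("192.168.100.1/24"),
}

def ingress_interface(src, dst, fw=FIREWALL):
    """Name of the firewall interface a src->dst packet arrives on, or
    None when both hosts are on-link and the switch delivers it directly."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, iface in fw.items():
        if s in iface.network:
            if d in iface.network and d != iface.ip:
                return None  # same subnet: ARP + switch, firewall not in path
            return name
    raise ValueError(f"{src} is not on a network attached to this firewall")

def verdict(src, dst, port, rules, fw=FIREWALL):
    """Simplified first-match evaluation of per-interface rules.
    rules: {interface: [(action, src_net, dst_port_or_None), ...]}"""
    iface = ingress_interface(src, dst, fw)
    if iface is None:
        return "unfiltered"  # no rule on any interface ever sees this flow
    for action, src_net, dport in rules.get(iface, []):
        if ipaddress.ip_address(src) in ipaddress.ip_network(src_net) \
                and dport in (None, port):
            return action
    return "block"  # default deny when nothing matches

# Constructed rules: block SSH (22) and HTTPS (443) from the VM, pass the rest.
RULES = {
    "LAN": [("block", "192.168.6.10/32", 22), ("block", "192.168.6.10/32", 443),
            ("pass", "192.168.6.0/24", None)],
    "OPT1": [("block", "192.168.100.10/32", 22), ("block", "192.168.100.10/32", 443),
             ("pass", "192.168.100.0/24", None)],
}

if __name__ == "__main__":
    # VM still on LAN: a LAN neighbour reaches it without touching the firewall.
    print(verdict("192.168.6.20", "192.168.6.10", 22, RULES))
    # VM moved to its own interface: the same SSH attempt is now routed and blocked.
    print(verdict("192.168.100.10", "192.168.6.20", 22, RULES))
    print(verdict("192.168.100.10", "192.168.6.20", 80, RULES))
```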
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 24, 2023, 07:09:45 PM
Still doesn't work.
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 24, 2023, 08:10:24 PM
Eh, post your network setup and firewall rules. Crystal ball missing.
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 26, 2023, 01:52:18 PM
Home network: 192.168.1.0/24 (gateway 192.168.1.1)
OPNsense in a VMware VM with 2 network adapters (1 bridge mode for WAN (DHCP for WAN) & 1 host-only for LAN, 192.168.6.1)
Ubuntu client in a VMware VM with a host-only network adapter (192.168.6.10 static IP, gateway is OPNsense)
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 26, 2023, 03:09:24 PM
Can you post the firewall rules as requested? Screenshots, not description.
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 26, 2023, 03:21:24 PM
Attached
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 26, 2023, 06:32:44 PM
What's the "blocked host"?
Title: Re: Disallow https and ssh services from a host
Post by: lonewolf7 on December 26, 2023, 06:44:15 PM
The Ubuntu client.
Title: Re: Disallow https and ssh services from a host
Post by: doktornotor on December 27, 2023, 02:56:27 PM
There are international subforums here, perhaps post there. Because two days later, I still do NOT get what you are trying to do.


You want to:
- prevent access TO the Ubuntu machine (which is running SSH/HTTPS) from LAN?
- prevent access FROM the Ubuntu machine on another subnet TO LAN machines running SSH/HTTPS?
- something else?

The Ubuntu machine is:
- on LAN (192.168.1.0/24)?
- somewhere else (192.168.10.0/24)?

The firewall rules you posted are:
- on LAN interface (192.168.1.0/24)?
- somewhere else (192.168.10.0/24)?