Hi,
I want to isolate my LAN and OPT1 networks so they cannot access each other. I have tried some configurations, but it doesn't work as expected.
Can someone explain how to set this up correctly?
Right now it only works when I use the 10.0.0.0/24 IP range, but if I add an additional IP address range, I lose my internet connection.
Just to mention, I am a newbie to OPNsense.
Because of the image upload limitation, OPT1 has the same firewall rule setup.
Set up OPT1 Interface with IP range different from LAN, including DHCP, DNS and outbound NAT.
Create a FW rule on LAN to block traffic to the OPT1 network and vice versa. Done.
Just as a note, in your example ruleset you don't need the negated address in the pass rule, since you already blocked traffic to that destination. Technically you don't need the source address in the block rule, but you might wish to differentiate based on specified parameters. I do that quite a bit for logging (really, log viewing) purposes.
Thanks for your help! I realized I forgot to create an extra rule to allow DNS (port 53).
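The ruleset discussed in this thread, written out as pf rules so the ordering is visible (an added illustration, not the OPNsense-generated ruleset or anything posted above). Interface names and the OPT1 address range are assumed; the DNS allow rule is the one the original poster mentioned as missing.

```pf
# Added illustration of the LAN/OPT1 isolation discussed in this thread,
# expressed as pf rules rather than in the OPNsense GUI.
# Assumed: LAN = igb1 (10.0.0.0/24, from the thread), OPT1 = igb2 (10.0.1.0/24).
lan_if   = "igb1"
opt1_if  = "igb2"
lan_net  = "10.0.0.0/24"
opt1_net = "10.0.1.0/24"

# Rules are evaluated top to bottom; "quick" makes the first match win,
# which is how OPNsense evaluates rules on an interface.

# Clients on each segment still need the firewall's own DNS resolver:
# allow port 53 to the interface address before anything is blocked.
pass in quick on $lan_if  inet proto { tcp udp } from $lan_net  to ($lan_if)  port 53
pass in quick on $opt1_if inet proto { tcp udp } from $opt1_net to ($opt1_if) port 53

# Isolation: block traffic between the two segments, in both directions.
# The source address is not strictly needed, but it keeps log entries
# easy to tell apart when viewing them.
block in quick log on $lan_if  inet from $lan_net  to $opt1_net
block in quick log on $opt1_if inet from $opt1_net to $lan_net

# Default pass for everything else (internet). No negated destination
# ("! $opt1_net") is needed here, since the block rule above already
# matched and dropped that traffic.
pass in quick on $lan_if  inet from $lan_net  to any
pass in quick on $opt1_if inet from $opt1_net to any
```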