OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Taomyn on January 22, 2019, 09:44:14 am
-
I have two separate local networks on my firewall, on different NICs, each with its own subnet. One is designated LAN (192.168.1.x), the other GUEST_LAN (192.168.100.x), and each has its own access point set up. This is all working well without issues except for one thing - I cannot manage the AP or any other resources on GUEST_LAN whilst connected to LAN. It's not the end of the world as I can jump onto another device on GUEST_LAN, but it's sometimes a little frustrating.
Is there a safe way to enable access for all devices on LAN to access all devices on GUEST_LAN but not the other way? I'm not sure what I need to configure to get this working or if it's actually possible or even advisable to do this.
-
This is pretty much a standard configuration. You can safely enable this by:
Firewall: Rules: LAN
Source LAN Net; Destination Any; Action Allow
Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow
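Why these two rules give one-way access, as an added example that is not part of the original post: a simplified Python model of stateful filtering. It assumes rules are evaluated on the interface where a connection's first packet arrives, the first match wins, and unmatched traffic is blocked; the host addresses are constructed and state is tracked by address pair only.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
GUEST = ip_network("192.168.100.0/24")
ANY = ip_network("0.0.0.0/0")

# Rules per interface tab: (source, destination, negate_destination)
RULES = {
    "LAN": [(LAN, ANY, False)],          # Source LAN net; Destination any
    "GUEST_LAN": [(GUEST, LAN, True)],   # Source GUEST_LAN net; Destination !LAN net
}


class Firewall:
    """Toy stateful filter (assumed model, not OPNsense code)."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (initiator, responder) pairs of allowed flows

    def handle(self, iface, src, dst):
        src, dst = ip_address(src), ip_address(dst)
        # Replies to an already allowed flow pass without consulting rules.
        if (dst, src) in self.states:
            return "pass (state)"
        # New flow: first matching rule on the ingress interface decides.
        for rule_src, rule_dst, negate in self.rules.get(iface, []):
            if src in rule_src and ((dst in rule_dst) != negate):
                self.states.add((src, dst))
                return "pass (rule)"
        return "block"  # nothing matched: default deny


def demo():
    fw = Firewall(RULES)
    return [
        fw.handle("LAN", "192.168.1.10", "192.168.100.2"),        # LAN host to guest AP
        fw.handle("GUEST_LAN", "192.168.100.2", "192.168.1.10"),  # the AP's reply
        fw.handle("GUEST_LAN", "192.168.100.50", "192.168.1.10"), # guest opens to LAN
        fw.handle("GUEST_LAN", "192.168.100.50", "8.8.8.8"),      # guest to internet
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
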
-
I already have a rule on the LAN part of the firewall doing exactly that, yet I cannot contact anything on the other network from either network. It's the default rule.
-
Enable logging for certain rules and see if an earlier rule applies or if those rules apply at all.
-
For LAN and GUEST_LAN I only have the default allow rules, all the other rules under "Floating" and "WAN" are for external networks.
I tried to add a source:"LAN net", destination "GUEST_LAN net" under "GUEST_LAN" but that made no difference.
-
Yet again: enable logging for those to see if they match or not.
-
I enabled logging and also the extra logging from the system settings, and the only hits for the IPs on GUEST_LAN were these