OPNsense Forum

English Forums => General Discussion => Topic started by: GiantJack on June 13, 2019, 05:42:20 pm

Title: Allow connections from LAN (different subnet) to WAN? (default deny rule)
Post by: GiantJack on June 13, 2019, 05:42:20 pm
Hi there!

I have on my LAN an OpenWrt router that I use as a dumb wifi AP.

I have setup a guest wifi AP on this device based on this howto:
http://steven-england.info/2014/11/01/openwrt-how-to-create-a-public-network-without-using-the-wan-interface/

My LAN is 192.168.1.0.
My guest AP subnet is 192.168.4.0. Guest devices get an IP from the local DHCP in OpenWrt.
Following the howto, I have defined a route in OPNsense to send any connection to 192.168.4.0/24 to the LAN address of my OpenWrt device (192.168.1.something).

I think I have everything working now, except that the OPNsense firewall is blocking any connection from 192.168.4.0 to the internet, based on the "default deny rule".

I can see anything coming from 192.168.4.xxx is blocked, for example, in the firewall live logs:
lan      Jun 13 17:33:19   192.168.4.107:45640   157.240.22.54:5222   tcp   Default deny rule


I tried to add a rule in the LAN section to allow connections from 192.168.4.0/24 to WAN... but didn't succeed...
It would be my very first rule on OPNsense... if somebody can help (via the web interface is preferred)?

Also, I was not able to find where the "default deny rule" is defined. Is it visible in the web interface or implicit?

Title: Re: Allow connections from LAN (different subnet) to WAN? (default deny rule)
Post by: GiantJack on June 13, 2019, 06:34:57 pm
OK, I think I found it.
I was using a rule to allow connections from 192.168.4.0/24 to "WAN net" or "WAN address", but it needed to be to "any".

Is there any way to allow connections to the internet, but not to the LAN? (not to 192.168.1.0/24)
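
Added example (not part of the thread and not OPNsense code): a small Python model of first-match rule evaluation on the LAN interface, showing why the logged packet falls through to the default deny when the destination is "WAN net" or "WAN address" but passes with "any", and what a block rule for "LAN net" placed above the pass rule does. The WAN values, the firewall's LAN address and the "guest net" name are constructed assumptions; first-match (quick) evaluation is assumed.

```python
import ipaddress

# Aliases as a rule editor would resolve them. "LAN net" and the guest subnet
# come from the thread; every other value is constructed for this example.
ALIASES = {
    "any": "0.0.0.0/0",
    "LAN net": "192.168.1.0/24",
    "guest net": "192.168.4.0/24",      # hypothetical alias name
    "WAN net": "203.0.113.0/24",        # assumed: subnet of the WAN interface
    "WAN address": "203.0.113.10/32",   # assumed: the firewall's own WAN IP
}

def net(name):
    return ipaddress.ip_network(ALIASES.get(name, name))

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls to the default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if s in net(rule_src) and d in net(rule_dst):
            return f"{action} ({rule_src} -> {rule_dst})"
    return "block (Default deny rule)"

# Packet from the live log in the first post.
INTERNET = ("192.168.4.107", "157.240.22.54")
# Constructed: guest client talking to the firewall's assumed LAN address.
TO_FW_LAN = ("192.168.4.107", "192.168.1.1")

first_try = [("pass", "guest net", "WAN net"),
             ("pass", "guest net", "WAN address")]
pass_any = [("pass", "guest net", "any")]
guest_isolated = [("block", "guest net", "LAN net"),
                  ("pass", "guest net", "any")]

if __name__ == "__main__":
    for label, rules in [("WAN net / WAN address", first_try),
                         ("any", pass_any),
                         ("block LAN net, then any", guest_isolated)]:
        print(label)
        for pkt in (INTERNET, TO_FW_LAN):
            print("  %s -> %s: %s" % (*pkt, evaluate(rules, *pkt)))
```

The model only covers packets that actually arrive at the OPNsense LAN interface. In the topology described in the first post, guest traffic to other 192.168.1.0/24 hosts is forwarded by the OpenWrt device on the same segment and never crosses OPNsense, so that part has to be filtered on the OpenWrt side.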