OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: loganx1121 on November 08, 2019, 03:36:08 am

Title: Trying to tighten up some rules
Post by: loganx1121 on November 08, 2019, 03:36:08 am
So I have several subnets inside my LAN and right now, to get out to the internet, there are rules for each of the subnets on the LAN interface of the firewall that basically say - allow ipv4 out to anything.

I decided I wanted to try to tighten these up a bit, so I was trying to change the destination to my WAN interface (which I've named INET) and every time I try to do that, nothing on the subnet can get outside the LAN network. I've tried making the rule go in and out on the WAN interface, I've tried in and out on the LAN interface...I've tried a bunch of things, but it seems like regardless of what I do, nothing on my server subnet can get out to the internet. Here are some screenshots of what I tried last that isn't working.

I'm testing this by trying to ping continuously to 8.8.8.8 from one of the servers, and I can see it hitting the default deny rule, I'm just not sure why.

Thanks in advance for any advice

Title: Re: Trying to tighten up some rules
Post by: bartjsmit on November 08, 2019, 05:59:09 pm
I would have thought that 8.8.8.8 is not your WAN interface address. If it is, say hi to the rest of the guys at Alphabet  :o

The range of destination IPs on the internet is best captured with 'any'. If you want to exercise more control you should look at running a Squid proxy on OPNsense.

Bart...
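
Why the ping to 8.8.8.8 lands on the default deny rule, as an added example that is not part of either post: a simplified first-match model of a LAN rule whose destination is the WAN interface address, the WAN network, or 'any'. All addresses, rule labels and function names are constructed assumptions, and the model is not OPNsense's own code.

```python
import ipaddress

# Constructed sample addressing (private and documentation ranges), not from the thread.
SERVER_NET = ipaddress.ip_network("10.0.20.0/24")      # assumed server subnet
WAN_ADDRESS = ipaddress.ip_network("203.0.113.10/32")  # assumed "INET address"
WAN_NET = ipaddress.ip_network("203.0.113.0/24")       # assumed "INET net"
ANY = ipaddress.ip_network("0.0.0.0/0")                # destination 'any' (IPv4)

DEFAULT_DENY = "block: default deny"


def evaluate(rules, src, dst):
    """Return the verdict of the first rule matching src and dst, else default deny."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for label, action, src_net, dst_net in rules:
        # A rule matches on the packet's own destination address,
        # not on the interface the packet will eventually leave through.
        if src_ip in src_net and dst_ip in dst_net:
            return f"{action}: {label}"
    return DEFAULT_DENY


def lan_ruleset(destination):
    """One pass rule on the LAN interface with the chosen destination."""
    return [("servers out", "pass", SERVER_NET, destination)]


def check_all(src="10.0.20.5", dst="8.8.8.8"):
    """Verdict for the same packet under each candidate destination setting."""
    candidates = [
        ("INET address", WAN_ADDRESS),
        ("INET net", WAN_NET),
        ("any", ANY),
    ]
    return {name: evaluate(lan_ruleset(net), src, dst) for name, net in candidates}


if __name__ == "__main__":
    for name, verdict in check_all().items():
        print(f"destination {name:<12} -> {verdict}")
```
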