OPNsense Forum

English Forums => General Discussion => Topic started by: Imnot A Robot on November 26, 2021, 03:13:09 pm

Title: Simple FW rule yet no internet
Post by: Imnot A Robot on November 26, 2021, 03:13:09 pm
Can someone help me understand why I'm not getting internet on my IoT interface when I enable the Block Private Networks rule?

(https://drive.google.com/file/d/1KhywqHZFXCOwXPP22Osci5WFKWFUqf9D/view?usp=sharing)

Private networks are: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

There's 1 WAN interface, 1 LAN (192.168.1.1), & 1 IoT (192.168.2.1)


 :-\ And I'm unable to insert the screenshot URL so I'm attaching it. Please have a look.


Thanks,
Chris
Title: Re: Simple FW rule yet no internet
Post by: nodakbarnes on November 28, 2021, 09:46:11 pm
So I'm fairly new to OPNsense myself but shouldn't this rule be covered under Interfaces --> WAN and then checking the box under Generic configuration for "Block private network"?

Once this is done it places an automatically generated rule in the firewall as desired (it did for mine at least). You need to click the little down arrow at the top of the rules to expand the automatically generated rules and you should see it.
Title: Re: Simple FW rule yet no internet
Post by: Greelan on November 28, 2021, 11:29:14 pm
Probably because your first rule is blocking access to the gateway, and in particular DNS.

You just need two rules. One to allow IOT net to access IOT address (you can limit this to just DNS if you want, but there may be other gateway services that are relevant, such as NTP) and then a second allow rule with destination of private networks but inverted, so that it allows everything except for a private network destination.
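
The rule-order effect described in the reply above, as an added example that is not part of the original thread: a small first-match evaluator run over an assumed version of the original rule set and over the suggested two-rule set. The /24 mask, the client and probe addresses, and the "block private networks, then allow any" layout of the screenshot are assumptions.

```python
import ipaddress as ip

PRIVATE = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOT_NET = ip.ip_network("192.168.2.0/24")      # assumed /24 around the page's 192.168.2.1
IOT_ADDR = [ip.ip_network("192.168.2.1/32")]   # firewall's IoT interface address
ANY = [ip.ip_network("0.0.0.0/0")]

# Each rule: (action, destination networks, invert destination match)
BROKEN = [("block", PRIVATE, False),   # assumed layout of the screenshot
          ("pass", ANY, False)]
FIXED = [("pass", IOT_ADDR, False),    # gateway services such as DNS and NTP
         ("pass", PRIVATE, True)]      # destination is NOT a private network

def evaluate(rules, src, dst):
    """First matching rule wins; traffic matching no rule is denied."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src not in IOT_NET:
        return "block"
    for action, nets, invert in rules:
        hit = any(dst in n for n in nets)
        if hit != invert:
            return action
    return "block"

CLIENT = "192.168.2.50"                # constructed IoT host
PROBES = {                             # constructed destinations
    "dns_to_gateway": "192.168.2.1",
    "lan_host": "192.168.1.10",
    "internet": "203.0.113.10",        # documentation range, stands in for a public host
}

def verdicts(rules):
    return {name: evaluate(rules, CLIENT, dst) for name, dst in PROBES.items()}

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, verdicts(rules))
```

With the assumed original order, public destinations pass but the DNS query to 192.168.2.1 is blocked first, which looks like "no internet" from the client; the two-rule set passes the gateway and public traffic while the LAN host still falls through to the default deny.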
Title: Re: Simple FW rule yet no internet
Post by: Imnot A Robot on November 29, 2021, 03:03:57 am
Awesome, it works!

Thanks OPNsense community!

Chris