OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: ruggerio on September 04, 2018, 12:35:49 pm

Title: Firewall question: Block a complete network except WAN and MySQL
Post by: ruggerio on September 04, 2018, 12:35:49 pm
I recently installed a container (192.168.9.0/24) on a host machine (192.168.1.0/24) as a web and mail server. The server uses MySQL on the host machine, so it needs a remote connection.

Firewall rules I assumed:

Container network:

In: from WAN to web and mail (incl. port forwarding) - works fine
Out: to specified ports like DNS by default, IGMP

Host Network:
In: from the container network, port 3306, allow only from the web server itself

I know the rules are processed from top to bottom, one by one, and the first match decides.

But whatever I do, if there is no rule allowing any traffic from any source on the container network interface, I get no MySQL requests on the host network. The firewall drops them.

My goal is to isolate the container network and let only MySQL requests through from the container to the host network.

Thx,
Roger
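A model of the first-match, interface-bound evaluation the post is working with, written here as an added Python example (not OPNsense code and not the poster's rule set); the web server address 192.168.9.10, the MySQL host 192.168.1.10 and the interface names are assumptions. It shows the pf behaviour behind the symptom described above: a pass rule only matches on the interface and direction where the packet enters the firewall, so a port 3306 allow bound to the host network's interface never sees traffic arriving on the container interface, and the default block applies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    iface: str            # interface the rule is bound to
    direction: str        # "in" = packets entering the firewall on that interface
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    dport: Optional[int]  # destination port, None = any port

@dataclass
class Packet:
    iface: str
    direction: str
    proto: str
    src: str
    dst: str
    dport: int

def evaluate(rules, pkt):
    """First matching rule decides; no match means block (pf/OPNsense default deny)."""
    for r in rules:
        if r.iface != pkt.iface or r.direction != pkt.direction:
            continue                      # rule bound to a different interface/direction
        if r.proto not in ("any", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(r.src):
            continue
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "block"

# Constructed packets: the web server's MySQL query, and another container host trying the same.
MYSQL_QUERY = Packet("container_net", "in", "tcp", "192.168.9.10", "192.168.1.10", 3306)
OTHER_CONTAINER_HOST = Packet("container_net", "in", "tcp", "192.168.9.20", "192.168.1.10", 3306)

# Allow placed on the host network interface (inbound), as the post describes: never matches.
RULES_ON_HOST_IFACE = [
    Rule("host_net", "in", "pass", "tcp", "192.168.9.10/32", "192.168.1.0/24", 3306),
]
# Same allow on the interface where the container traffic enters, followed by an explicit block.
RULES_ON_CONTAINER_IFACE = [
    Rule("container_net", "in", "pass", "tcp", "192.168.9.10/32", "192.168.1.0/24", 3306),
    Rule("container_net", "in", "block", "any", "192.168.9.0/24", "192.168.1.0/24", None),
]
```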