OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: tekgeek on September 28, 2018, 03:18:58 am

Title: 4 interfaces, 1 wan, 3 lans, 1 vpn
Post by: tekgeek on September 28, 2018, 03:18:58 am
FIXED:
See 2nd post


So I'm trying to set up OPNsense with 3 LANs, a gateway, a VPN, and 4 physical interfaces.

bce0 - WAN : DHCP from cable modem : will soon be upgrading to gigabit internet, currently just 300/75
bce1 - LAN : 10.10.1.1/24 : TVs, Rokus, "smart" devices, gaming devices, WIFI 1
bce2 - PIA : 10.10.2.1/24 : servers, desktops, laptops, cell phones, WIFI 2
bce3 - MAN : 10.10.0.1/24 : switches, IPMI (iLO, DRAC, BMC), UPCs, tape library

I want every device accessible to each other, but:
-The devices on the PIA LAN should only be able to access the internet via the PIA VPN
-LAN - WAN
-MAN - no internet access

I can get the interfaces configured and DHCP working on all the networks, but when it comes to the firewall I'm completely useless. I've been using pfSense guides and just general poking around to get this far. OPNsense's firewall is a lot different from pfSense's, and I've always just let the firewall do its own thing in the past with a simple 2-interface config (1 WAN, 1 LAN) with NAT.

So, starting with a factory reset and then the guided setup, here is what I've done:
-Added the 2 other interfaces and configured DHCP for them
-Copied/modified the default allow-all rules to all the LANs
-When that failed to allow a ping from one LAN to another, I tried adding allow rules in both directions on all LANs; still no ping

I haven't touched anything else. What should I do next? I can get internet on all LANs and can ping the other LAN interfaces, but I can't ping any clients in the LANs.

LAN : CAN reach the internet and ping opnsense MAN and PIA interfaces. CANNOT ping any computer on MAN or PIA

MAN : CAN reach the internet and ping  opnsense LAN and PIA Interfaces. CANNOT ping any computer on LAN or PIA

PIA : CAN reach the internet and ping opnsense LAN and MAN interfaces. CANNOT ping any computer on LAN or MAN

I feel like all my firewall rules are redundant except the copied default rule? What am I missing? I haven't had a more complicated setup than a Netgear or Linksys WIFI router, so I'm a bit out of my depth.

Current firewall rules:

LAN (Firewall: Rules: LAN)

  Proto   Source    Port  Destination  Port     Gateway  Schedule  Description
  *       *         *     LAN Address  443, 80  *                  Anti-Lockout Rule
  IPv4 *  LAN net   *     *            *        *                  Default allow LAN to any rule
  IPv4 *  LAN net   *     PIA net      *        *
  IPv4 *  PIA net   *     LAN net      *        *
  IPv4 *  LAN net   *     MAN net      *        *
  IPv4 *  MAN net   *     LAN net      *        *

PIA (Firewall: Rules: PIA)

  Proto   Source    Port  Destination  Port     Gateway  Schedule  Description
  IPv4 *  PIA net   *     *            *        *                  Default allow PIA to any rule
  IPv4 *  PIA net   *     LAN net      *        Null4
  IPv4 *  LAN net   *     PIA net      *        Null4
  IPv4 *  PIA net   *     MAN net      *        *
  IPv4 *  MAN net   *     PIA net      *        *

MAN (Firewall: Rules: MAN)

  Proto   Source    Port  Destination  Port     Gateway  Schedule  Description
  IPv4 *  MAN net   *     *            *        *                  Default allow WAN to any rule
  IPv4 *  MAN net   *     LAN net      *        *
  IPv4 *  LAN net   *     MAN net      *        *
  IPv4 *  MAN net   *     PIA net      *        *
  IPv4 *  PIA net   *     MAN net      *        *

WAN (Firewall: Rules: WAN)

  Proto   Source                           Port  Destination  Port  Gateway  Schedule  Description
  *       RFC 1918 networks                *     *            *     *                  Block private networks
  *       Reserved/not assigned by IANA    *     *            *     *                  Block bogon networks

Title: Re: 4 interfaces, 1 wan, 3 lans, 1 vpn
Post by: tekgeek on September 28, 2018, 04:37:12 am
Never mind... It was the Windows firewall. I removed the extra firewall entries and everything works with the default pass-all entries.

Can I use a "floating" entry to allow all on all interfaces, then restrict things with deny entries? I'm new to firewalls and networking; I could always get by with one subnet in the past. Adding PIA to the mix has complicated things.