OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of gladston3 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - gladston3

Pages: [1]
1
18.1 Legacy Series / Re: Block all but allow WAN/internet access
« on: July 18, 2018, 09:49:46 am »
Quote from: JasMan on July 18, 2018, 07:25:35 am
There's no firewall object for Internet hosts. But you can create an alias with all privat networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), add it as destination in your rule and invert it. That's how I did it. Works fine.

Ahh, that's what I was looking for. Brilliant idea which I would have never figured out by myself ;) since it's a little bit complicated/counterintuitive imho.

Nevertheless, thanks a lot! That did the trick :)

Cheers
-gladston3

2
18.1 Legacy Series / Re: Block all but allow WAN/internet access
« on: July 17, 2018, 10:27:17 pm »
Hi, thanks for your answer!

Quote from: JasMan on July 17, 2018, 09:37:00 pm
Hey gladston3,

There's no need for an "block all" rule to block traffic between the LAN ports. The default blocking rule of the firewall will block the traffic between your different subnets if is not explicit allowed by an rule.

okay, understood.

Quote from: JasMan on July 17, 2018, 09:37:00 pm
To access the Internet you need to configure NAT for each subnet first.

Do you mean outbound NAT rules? Those are set automatically in the default settings, aren't they?

Quote from: JasMan on July 17, 2018, 09:37:00 pm
Then you will need some allow rules for each service and subnet you would like to allow.
You can use floating rule to create one rule e.g. for HTTP(S) to WAN for all your LAN interfaces.
Choose the WAN gateway to allow this traffic only for WAN. Otherwise it will also allow HTTP(S) between your subnets.

That's where I am struggeling. What do I have to put at "destination" so WAN traffic is allowed? The only option with which I got it working was "any" and that's definitely not what I want. Can you maybe show me a sample rule for HTTPS or any other service?

Thanks once again
Cheers
-gladston3
 



3
18.1 Legacy Series / Block all but allow WAN/internet access
« on: July 17, 2018, 06:03:35 pm »
Hi,

I have multiple LAN/opt ports and would like to keep them isolated from each other but allow WAN/internet access on all of them. So my plan was to create a block all rule for each LAN/opt port and put a rule above which allows the WAN/internet traffic. Unfortunately I was unable to create such a rule. It didn't matter what I tried I wasn't able to access the internet. Can anyone please guide me or give me a hint how to do that?

I know that I could make a allow all rule and put the block rules for each subnet above that, but that becomes quite unhandy when you have multiple ports/networks. So I want to avoid that approach.

Thank you very much in advance
Cheers
-gladston3

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2