Messages

1

General Discussion / Re: Block OPT->LAN but allow LAN->OPT?

« on: July 29, 2018, 09:45:35 pm »

Okay so I think it is working as expected, but I cannot connect to one particular host (192.168.2.2) on OPT1 from LAN, (even on the opnsense router itself). I can connect to it (it's a virtual lxd container), and see that it has an internet connection. I can connect to it from another device on OPT1, but even with all the firewall rules set back to default, I can't access it.

OPT1 192.168.2.1 -> OPT1 192.168.2.2 works
OPT1 192.168.2.1 -> LAN 192.168.1.3 works
OPT1 192.168.2.2 -> OPT1 192.168.2.1 works
OPT1 192.168.2.2 -> LAN 192.168.1.3 fails
LAN 192.168.1.3 -> OPT1 192.168.2.1 works
LAN 192.168.1.3 -> OPT1 192.168.2.2 fails

2

General Discussion / Can't access specific device on OPT1 from LAN -- EDITED see first 'reply'

« on: July 29, 2018, 08:31:36 pm »

I'm trying to figure this out. I'm new to OPNsense (in a VM) coming from Shibby Tomato (on my now AP). I set up a rule on OPT1 Interface as follows:

Block - Source:OPT1 Net - Dest:LAN Net

But now they can't communicate at all. My goal to access services on OPT1 but keep LAN safe if OPT1 becomes compromised. I assume this is possible?