19.1 Legacy Series / multi WAN and routing from DMZ to LAN
« on: July 04, 2019, 03:52:05 pm »
Hi all,
I am new to OPNsense and am configuring a 19.1 box. My configuration is as follows:
- 2 WAN interfaces configured for failover WAN1, WAN2
- LAN interface
- DMZ interface
- OPT1 interface
I set up multi WAN and all seems to work. In order to do correct routing (at least, I suppose) I added in firewall - rules - LAN a rule to forward all traffic through the gateway group which is configured for failover. Just on top of it, a rule which routes LAN to DMZ traffic through the default gateway to avoid it being routed towards WAN.
Similar configurations are in place on DMZ and OPT1 interfaces to permit traffic towards each other.
The problem is, doing so I am basically opening traffic, for example, from DMZ to LAN. I thought I could patch this with a block rule on the LAN interface to filter traffic from DMZ to LAN, but it looks like it does not work (I think once the DMZ rule has set PASS on the connection, no further rules are processed, right?). Any help? Thanks in advance.
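The rule layout described in the post, modelled as an added example (not part of the original post and not OPNsense code): interface rules are applied to traffic entering that interface and the first match decides, so a block on the LAN tab never sees a connection that starts in the DMZ. The subnets and the gateway group name `WAN_FAILOVER` are constructed, and OPT1 is left out.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the post gives no subnets.
LAN = ip_network("192.168.1.0/24")
DMZ = ip_network("192.168.2.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(action, src, dst, gateway="default"):
    return {"action": action, "src": src, "dst": dst, "gateway": gateway}

# Rule tabs modelled on the post, listed top to bottom.
# WAN_FAILOVER is a hypothetical name for the failover gateway group.
AS_POSTED = {
    "DMZ": [rule("pass", DMZ, LAN),                   # "permit traffic towards each other"
            rule("pass", DMZ, ANY, "WAN_FAILOVER")],  # policy route to the gateway group
    "LAN": [rule("block", DMZ, LAN),                  # the attempted patch
            rule("pass", LAN, DMZ),                   # keep LAN->DMZ off the WAN gateways
            rule("pass", LAN, ANY, "WAN_FAILOVER")],
}

# Same policy with the block placed on the tab where DMZ traffic enters,
# above the gateway-group rule. Replies to LAN-initiated connections are
# still allowed by the state the LAN pass rule creates.
CORRECTED = {
    "DMZ": [rule("block", DMZ, LAN),
            rule("pass", DMZ, ANY, "WAN_FAILOVER")],
    "LAN": [rule("pass", LAN, DMZ),
            rule("pass", LAN, ANY, "WAN_FAILOVER")],
}

def evaluate(ruleset, ingress_if, src, dst):
    """First matching rule on the ingress interface decides; default deny."""
    s, d = ip_address(src), ip_address(dst)
    for index, r in enumerate(ruleset.get(ingress_if, [])):
        if s in r["src"] and d in r["dst"]:
            return r["action"], r["gateway"], f"{ingress_if}[{index}]"
    return "block", None, "default deny"

if __name__ == "__main__":
    for name, rs in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, "DMZ->LAN:", evaluate(rs, "DMZ", "192.168.2.10", "192.168.1.20"))
        print(name, "LAN->DMZ:", evaluate(rs, "LAN", "192.168.1.20", "192.168.2.10"))
        print(name, "DMZ->Internet:", evaluate(rs, "DMZ", "192.168.2.10", "203.0.113.5"))
```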