Messages - dave79

1
20.7 Legacy Series / Re: Blocking a LAN device from WAN, device can still connect to WAN network
« on: July 25, 2020, 11:05:19 pm »
Thanks both very much for the help, you've explained it perfectly to me :) Will have a read up on those links too.

Good point on the network time, gpb. Another option I thought of is spinning up a small NTP Docker container on my server.

Thanks again both!

Edit: Just changed the alias to host and the rule back to alias and that works perfectly too. Muchas Gracias.

2
20.7 Legacy Series / Re: Blocking a LAN device from WAN, device can still connect to WAN network
« on: July 25, 2020, 08:20:49 am »
Ah! That's got it, thanks! I thought the subnet would be the same as under the DHCP settings, but I think I get why it shouldn't be... It was restricting every IP on the same subnet as the specified IP.

Out of interest, do you know why this rule is functioning correctly with the direction set to 'in'? I can't get my head round that. There's no traffic coming into LAN, it's already within it... or is this a total misconception?

PS. I was going to karma all your posts but apparently I need to wait 1 hour between :P

3
20.7 Legacy Series / Re: Blocking a LAN device from WAN, device can still connect to WAN network
« on: July 25, 2020, 12:14:53 am »
Ok, setting to the attached worked, but also blocked every other LAN device from accessing WAN... :o

Surely a firewall shouldn't be this nonsensical? How does specifying just one IP block other devices?!


4
20.7 Legacy Series / Re: Blocking a LAN device from WAN, device can still connect to WAN network
« on: July 24, 2020, 09:27:22 pm »
Thanks for the reply, do you mean as in the attached screenshot? It's still not blocking the connection. :(

5
20.7 Legacy Series / [Solved] Blocking a LAN device from WAN, device can still connect to WAN network
« on: July 24, 2020, 06:08:42 pm »
Hi all

So I have read this: https://forum.opnsense.org/index.php?topic=6471.0 along with a few other threads, but I must have something wrong in my config.

I have a single cheap Chinese camera (Reolink) which I want to block from WAN. I am only connecting to it via LAN, and figured the easiest way to stop the Chinese cloud would be just to block it from accessing the WAN altogether.

What I have done:

1. Set up camera using app, static IP, enforced with MAC via OPNsense
2. Make an alias with just that IP in OPNsense
3. Disconnect my phone from wifi, thus requiring a cloud connection - I can connect to the camera as expected
4. Add firewall rule blocking anything from that alias to WAN net
5. Try to connect to the camera again via app - it still connects, expected behavior is that it should not

My rule is in: Firewall > Rules > LAN

Attached are screenshots of my config.

What am I doing wrong?


