Messages - slusk

#1
I changed to /32 and that worked :)
#2
Hi.
I am trying to get this to work here... I am new to this :/

I have blocked all the traffic from IOT to the rest of the network but I want one host on IOT to be able to communicate with one host on LAN just for MQTT.

But I can't get it to work. What have I done wrong?


https://i.ibb.co/qgzFdNQ/1.png

https://i.ibb.co/kB4hwWg/2.png

Best regards.
Tomas
#3
Quote from: Greelan on May 01, 2021, 01:14:58 PM
Quote from: slusk on May 01, 2021, 12:56:29 PM
Quote from: Greelan on May 01, 2021, 01:33:39 AM
Outbound NAT rule on the IoT interface?

This seems to be the way, I will just need to figure out how :D
Enable hybrid mode, then in the rule make the translation/target "interface address", the rest should be self-explanatory

Yes this did the trick! Thx! :)
#4
Quote from: marjohn56 on May 01, 2021, 10:15:36 AM
You can do it the way I do it between my primary VLAN and my IOT VLAN. Primary can talk to any device on my IOT, IOT devices have no access to anything on the primary VLAN.

On your Primary VLAN you add a rule; this one should be there already, but if not:

Action: Pass
Proto: IPv4/6
Source: Any
Dest: Any


and on the IOT VLAN

Action: Block
Proto: IPv4/6
Source: Any
Dest: VLAN_Net

There are some others to block/allow specifics, but that's the basics.


The VLAN separation is working as it should already.
The problem is that the Xiaomi equipment rejects the connection if it's coming from another subnet.
Therefore I need to masquerade it so that it can't see that it's coming from another subnet, or else I won't be able to get the stuff into Home Assistant :(
#5
Quote from: Greelan on May 01, 2021, 01:33:39 AM
Outbound NAT rule on the IoT interface?

This seems to be the way, I will just need to figure out how :D
#6
General Discussion / Nat masquerade between vlan
May 01, 2021, 12:38:17 AM
Hi.
I have just moved over from Unifi to OPNsense and I am starting to get the hang of it.
But one thing I can't get to work or understand how to fix is to masquerade the traffic between 2 VLANs.
I need it to be able to access some Xiaomi hardware on my IoT Vlan from my main vlan. It refuses traffic from other than its own vlan.

Is this possible to fix on OPNsense, and in that case how? ::)

On Unifi I could load it using a JSON file like this... hope it helps with my bad description.


{
   "service":{
      "nat":{
         "rule":{
            "5010":{
               "description":"IoT",
               "destination":{
                  "address":"192.168.20.0/24"
               },
               "log":"disable",
               "outbound-interface":"eth0.20",
               "protocol":"all",
               "source":{
                  "address":"192.168.1.0/24"
               },
               "type":"masquerade"
            }
         }
      }
   }
}
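The rule the thread settles on (hybrid outbound NAT on the IoT interface, translation target set to "interface address", source narrowed to a /32) written out in the pf syntax that OPNsense generates underneath its GUI. This is an added example, not code from the thread or from the OPNsense project: the interface names vlan1 and vlan20, the two host addresses and MQTT's default TCP port 1883 are assumptions; the two subnets are the ones from the Unifi JSON above.

```pf
# Added example (not from the thread). Assumed layout:
#   LAN  = vlan1,  192.168.1.0/24,  Home Assistant host 192.168.1.10
#   IoT  = vlan20, 192.168.20.0/24, Xiaomi/MQTT device   192.168.20.5
# Port 1883 is MQTT's default and is assumed here, not stated in the thread.
#
# pf evaluates translation rules before filter rules, so the nat line comes first.

# Outbound NAT on the IoT interface. "(vlan20)" means "whatever address vlan20
# currently has", which is the GUI's "Interface address" translation target.
# The Xiaomi device then sees the connection coming from 192.168.20.x, i.e. its
# own subnet, which is why it stops rejecting it.
#
# Wide form, equivalent to the Unifi "masquerade" rule in the post:
#   nat on vlan20 inet from 192.168.1.0/24 to 192.168.20.0/24 -> (vlan20)
# Narrow form, the "/32" the first reply reports as working (one host to one host):
nat on vlan20 inet from 192.168.1.10 to 192.168.20.5 -> (vlan20)

# Filter: only the one LAN host may open MQTT to the one IoT device.
pass in on vlan1 inet proto tcp from 192.168.1.10 to 192.168.20.5 port 1883 keep state

# IoT must not initiate anything toward the LAN subnet (the block rule from the
# thread). Replies to the stateful pass rule above still flow via its state entry.
block in on vlan20 inet from 192.168.20.0/24 to 192.168.1.0/24
```

In the OPNsense GUI the nat line corresponds to Firewall > NAT > Outbound in hybrid mode, with Interface = IoT, Source = the LAN host, Destination = the IoT device and Translation target = "Interface address". One thing to keep in mind when masquerading across VLANs: the IoT device's own logs will only ever show the firewall's vlan20 address, never the real client, so keeping the NAT and pass rules pinned to a single source host and port (rather than the whole /24) is what preserves the isolation the VLAN split was meant to give.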