General Discussion / Need help understanding VLAN rules
« on: July 10, 2022, 03:21:13 pm »
My network has four VLANs, each represented by an interface on my OPNsense host - WAN, LAN, management (MGMT) and IoT - each with their own IP subnet. The MGMT VLAN is for SNMP traffic, VM movement, accessing iLO/DRAC, etc.
My goal is to restrict anything originating from within MGMT or IoT VLANs from getting out, but to allow only my LAN-based hosts to initiate sessions with devices on the MGMT and IoT VLANs.
I have the default "LAN to anywhere" rules, but that doesn't seem to allow me to get into the management VLAN from my LAN-connected host. And so I'm sure I'm just confused as to where I would put the rules for accessing the other VLANs from the LAN VLAN. Would that be on the MGMT and IoT interfaces, or the LAN interface? I've tried putting in rules for allowing traffic from LAN to MGMT (using both "in" and "out") on the MGMT interface, but I still can't ping or access any hosts.
Or is this a routing issue? I was under the impression that OPNsense automatically knew routing between its own interfaces.
Might anyone be able to point me to something up to date on managing inter-VLAN traffic? I've looked at a few blogs and such, but they seem to be for much older versions and the interface and rule management have changed over time.
Thanks!