Messages - chubbymomo

#1
Edit: It has come to my attention that this is not the correct sub-forum to post issues to... I'm sorry for that; I can't find a way to delete this or move it over, so I guess it'll stay here.

Hello, I have recently gotten into the whole custom router business. I am attempting to segment my network in a pretty typical way (DMZ, LAN, WAN) because I intend to expose services to the public through the DMZ. I have a VLAN (DMZ) that has the server that will run public services as a client. When I started adding firewall rules I began by copying the default LAN rules to allow access to the internet. Then I created the following rule:

Action: Block
Interface: DMZ
TCP/IP Version: IPv4+IPv6
Protocol: any
Source: DMZ net
Destination: LAN net
Description: Block outbound traffic to LAN

This rule is before the rules I cloned over from LAN. I have also attempted to create a similar rule on LAN that instead blocks anything from the source DMZ net.

Using telnet (on port 9443, a test server) from a client on DMZ to a client on LAN, it is able to connect. I then disable the rules that were copied over from LAN, and it performs as intended, with the exception of having no internet access.

"Default" rules copied over from LAN just in case:

Action: Pass
Interface: DMZ
TCP/IP Version: IPv4
Protocol: any
Source: DMZ net
Destination: *
Description: Default allow DMZ to any rule

Action: Pass
Interface: DMZ
TCP/IP Version: IPv6
Protocol: any
Source: DMZ net
Destination: *
Description: Default allow DMZ IPv6 to any rule

If it helps, I used "Live View" underneath Log Files and the only rule that was activating was "let out anything from firewall host itself". As far as I know, activating that rule is default behavior, so it seems as if the rule I created is not being triggered at all.

I attempted to solve this issue by myself for the better portion of two days (reading documentation and searching alternative sources like these forums). I am sorry if this has been solved a million times before. If you need any more information on how I have the network set up, please ask.

Edit: I solved it... I attempted to use the live view and basically copy how the packet was sent, then create a block rule for that. The issue was entirely me misunderstanding "in" and "out": I just had to turn the rule that I had created on LAN to "out" and it worked.
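The manual telnet check above, turned into a repeatable segmentation test to run from a host on the DMZ after changing rules. This is an added example, not code from the post or from the firewall project; the LAN test-server address (TEST-NET-1 range) and the public host are constructed placeholders, and the policy list assumes the poster's intent: DMZ must not reach LAN, but must still reach the internet.

```python
import socket
from contextlib import closing


def reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout.
    A firewall drop shows up as a timeout, a reject as a refused connection;
    both count as 'not reachable' for a segmentation check."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:  # includes socket.timeout and ConnectionRefusedError
        return False


def verify_policy(expectations, probe=reachable):
    """expectations: list of (label, host, port, expected_reachable).
    Returns the labels whose observed reachability contradicts the policy,
    so an empty list means the firewall behaves as intended."""
    violations = []
    for label, host, port, expected in expectations:
        if probe(host, port) != expected:
            violations.append(label)
    return violations


# Constructed placeholders (assumptions), not addresses from the post.
LAN_TEST_SERVER = "192.0.2.10"   # LAN host running the port-9443 test server
PUBLIC_HOST = "example.com"      # any host on the internet side of WAN

# Policy the poster described: DMZ isolated from LAN, internet still allowed.
POLICY = [
    ("DMZ -> LAN test server :9443 must be blocked", LAN_TEST_SERVER, 9443, False),
    ("DMZ -> LAN SSH :22 must be blocked", LAN_TEST_SERVER, 22, False),
    ("DMZ -> internet HTTPS :443 must still work", PUBLIC_HOST, 443, True),
]

if __name__ == "__main__":
    bad = verify_policy(POLICY)
    for label in bad:
        print("VIOLATION:", label)
    print("segmentation OK" if not bad else f"{len(bad)} violation(s)")
    raise SystemExit(1 if bad else 0)
```

Each probe opens a fresh connection, which matters here: the firewall only evaluates rules for the first packet of a new connection, and a connection that was already in the state table before a rule change keeps flowing until that state expires or is reset.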