OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of e1e0n »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - e1e0n

Pages: [1]
1
General Discussion / Re: Clearing Automatically Generated Rules
« on: June 20, 2023, 09:23:37 pm »
I think there is an issue with these settings, DNS is no working. I did enable LAN to this Firewall for LAN and it seems to fix problem with DNS, not sure if this is correct.

Quote from: pmhausen on June 18, 2023, 07:35:54 am
You do not need any rules on WAN.

LAN2 - 1st rule:

Source: LAN2 net
Destination LAN net
Direction: in
Action: deny

LAN2 - 2nd rule:

Source: LAN2 net
Destination: any
Direction: in
Action: allow
Gateway: WAN2 GW

LAN - 1st rule:

Source: LAN net
Destination LAN2 net
Direction: in
Action: deny

LAN - 2nd rule:

Source: LAN net
Destination: any
Direction: in
Action: allow
Gateway: WAN GW

"Out" rules are practically never used due to the stateful nature of the firewall. But this is how all firewalls have worked for ages, actually. When a client on LAN tries to reach "something" on the Internet, the initial packet is coming in the LAN interface. So "in" rule.

HTH,
Patrick

2
General Discussion / Re: Clearing Automatically Generated Rules
« on: June 18, 2023, 12:07:36 pm »
Oh, thanks, I will try that.

Thanks! It works!

3
General Discussion / Re: Clearing Automatically Generated Rules
« on: June 17, 2023, 10:47:58 pm »
My problem is that on LAN2 which suppose to route to WAN2 actually routes through WAN I tried blocking rule on LAN2 and LAN not to do cross traffic and it seems that it does not work.

PS I tried to get help on forum earlier but the only advice I got was disabling auto generated rules (and I don't know how to do that without hard resetting router).

Here are my settings for LAN/WAN and client from LAN2 gets external ip from WAN :(
My fw understanding is basic, probably I am doing something wrong?

4
General Discussion / Re: Clearing Automatically Generated Rules
« on: June 17, 2023, 08:29:46 pm »
I know it's old. May I disagree? If I need something like blocking inter-lan traffic I should not have to learn all the tricks. It would be nice to have ability to insert user rules before auto-generated. At this moment it's either completely disable autogenerated rules or start learning _all_ internals (which I don't want to spend time on because it's one time simple config which I am not allowed to do because of the auto generated rules).
All I need is to block traffic LAN/WAN <-> LAN2/WAN2 and  it seems to be really difficult to do even though just adding my own rule before any autogenerated rule would solve this.

Quote from: franco on October 19, 2022, 09:56:30 am
> For me I want full control of my firewall rule.

You know this statement has two fundamental flaws?

1. You don't need a GUI for that.
2. You will likely create too broad exceptions for internal services like DNS or DHCP or IPv6, or not get it to work at all without knowing all of these by heart.


Cheers,
Franco

5
Tutorials and FAQs / Re: I would like to implement two routers in one
« on: May 23, 2023, 03:04:44 am »
Quote from: pmhausen on May 20, 2023, 11:08:09 am
This works perfectly well if done correctly. Please show your configuration - just two sentences stating "it doesn't work" is too little information to help you.

Essentially you need to

- set up 2 WAN ports and gateways
- set up 2 LAN ports without gateways
- set NAT to manual
- create two outbound NAT rules - one for each WAN port with one of the LAN networks as source
- create two permit rules - one for each LAN ports, explicitly setting the desired WAN gateway

HTH,
Patrick

for >> - create two permit rules - one for each LAN ports, explicitly setting the desired WAN gateway

When I set Gateway in LAN rules (to WAN_DHCP in my case) it blocks traffic. Setting to '*' enables. I am at the dead end  :(

6
Tutorials and FAQs / Re: I would like to implement two routers in one
« on: May 20, 2023, 10:59:46 pm »
Gotta try after long weekend ;)

7
Tutorials and FAQs / Re: I would like to implement two routers in one
« on: May 20, 2023, 01:33:41 pm »
Thanks, I though about that, full manual, but I am not very confident in doing that :) Will the auto generated rules be preserved? Do I need to recreate bunch of all other autogenerated rules? I don't really understand many of them. Would be nice to have ability just to override them. I was suspicious that autogenerated rules are messing with me :)

8
Tutorials and FAQs / I would like to implement two routers in one
« on: May 20, 2023, 01:01:23 am »
I would like to implement two routers in one, ie I would like to have 2 WAN and 2LAN ports. Traffic should be isolated. I can't select ip4 gataway for LANs :(. pfSense allows this easily. Please, how can I do that? Default setting would just choose one upstream gateway and use it. I tried setting Firewall rules but they don't seem to work :((((

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2