Messages - francesco76

#1
Oh, thank you very much! I was convinced that I should specify that the address was part of a /24 subnet! What an idiot I am, thank you very much! Thanks also for the IPv6 netmask!
#2
Hello,

I use OPNsense as a router in my home. I started using it as a basic router, and slowly I'm using more and more advanced features. Now I'm playing with firewall rules, but... something goes wrong.

We can suppose I have two networks (actually not true, but it is an example); for simplicity we can call them LAN and EV1. The first, LAN, is my main LAN in OPNsense (192.168.1.0/24), and EV1 is another network (192.168.3.0/24).

The two networks are allowed to go on the internet, but have to be isolated, with a single exception: any computer on EV1 can reach a single server on LAN (again, it is an example; I only want to experiment and learn).

In the attachment there is a screenshot of rules on EV1 interface.

If we ignore the second rule, everything works OK: LAN reaches the internet, EV1 reaches the internet, and they are isolated. But when I add/enable the second rule, the two networks are no longer isolated; from EV1 I can ping every host on LAN, not only 192.168.1.14. Why? What am I doing wrong?

Many thanks in advance!


PS: Yes, I know that "any", talking about firewalls, is not a friendly word: to reach the server on 192.168.1.14 I could specify the exact protocol and correct ports; for now I'm just playing and learning. I just want to understand why that rule doesn't work as expected.

pps: Sorry for my language!
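The effect of the destination mask discussed in these two posts, as an added example that is not part of the original posts: a small first-match rule evaluator comparing a destination of 192.168.1.14/24 with 192.168.1.14/32. The rule set is constructed (the screenshot is not on this page), and the first-match-wins model and function names are assumptions of the example.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")

def build_rules(server_dest):
    """Constructed EV1 rule set; not the rules from the post's screenshot."""
    return [
        # Exception for the server. strict=False mirrors how a /24 mask on a
        # host address is reduced to the network it belongs to.
        ("pass", ipaddress.ip_network(server_dest, strict=False)),
        # Isolation rule: EV1 must not reach the rest of LAN.
        ("block", LAN),
        # Everything else (internet) is allowed.
        ("pass", ipaddress.ip_network("0.0.0.0/0")),
    ]

def evaluate(rules, dst):
    """Return the action of the first rule whose destination contains dst."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "block"  # default deny when nothing matches

def reachable_lan_hosts(server_dest):
    """List every LAN host that EV1 is allowed to reach with this rule set."""
    rules = build_rules(server_dest)
    return [str(h) for h in LAN.hosts() if evaluate(rules, str(h)) == "pass"]

if __name__ == "__main__":
    for dest in ("192.168.1.14/24", "192.168.1.14/32"):
        hosts = reachable_lan_hosts(dest)
        print(f"destination {dest}: {len(hosts)} LAN host(s) reachable from EV1")
```

With the /24 mask the exception rule covers the whole LAN and shadows the isolation rule below it; with /32 it matches only the server.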