OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of rogers_mws »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - rogers_mws

Pages: [1]
1
24.1 Legacy Series / Re: Help with Firewall rules
« on: June 02, 2024, 10:57:02 pm »
Thanks for your reply  :)

I have tried to do this, but it seems as though it's just ignoring the allow rule for some reason and blocks everything?

So I have a host alias with 10.0.30.10 and this has an allow rule to an alias url table with www.microsoft.com and still not access just to that website.
It seems to only give me access to the internet using this format when I specify destination protocol as 'any'

its bizarre, or I'm just doing something wrong   ???

2
24.1 Legacy Series / Help with Firewall rules
« on: June 02, 2024, 11:56:17 am »

 L3 Switch -------------------- OPNsense -------------------- Internet
 10.10.10.1 /24                    10.10.10.254                       DHCP

 VLANS configured                10.10.10.1 Gateway
 10.10.10.1                          10.10.10.0 Route
 10.10.20.1                          10.10.20.0 Route
 10.10.30.1                          10.10.30.0 Route


As per the diagram attached (it's a bit crap sorry) I have a L3 switch that all my VLANs are configured on, I use this to do all my routing in my home network. I use different VLANs to separate home and network devices.

The goal I want to achieve is to allow internet access to VLAN10 and VLAN20 (Private_networks alias) that is unrestricted and can get to any destination on the internet but specific hosts within  VLAN30 I want to restrict which websites it can get to, for argument sake www.microsoft.com.

VLAN 10 – management net
VLAN 20 – home net
VLAN 30 – server net
       10.10.30.10 – Host I want to restrict
       10.10.30.100 – Domain controller (part of the domain_controller alias)

L3 Switch is configured with all VLANs and is routing accordingly.
Default route set to the OPNsense (10.10.10.254)
NAT is set up for each network on the OPNsense
A gateway is configured on the OPNsense with the routes back to the L3 Switch (10.10.10.1)
Private_networks alias has 10.10.10.0/24 and 10.10.20.0/24 added as networks

 
I added the above firewall rules

1.   Allow anything to ping anything
2.   Allow domain controllers to access Cloudflare DNS (DNS forwarders configured)
3.   Allow 10.10.30.10 access to Microsoft website (be default should block everything else?)
4.   Allow all other Private_networks access to the internet

From the host 10.10.30.10, I can ping anything on the internet and do DNS lookups so I know that the first 2 rules are working, but access to www.microsoft.com doesn’t work?
Can anyone point in the right direction for what I’m doing wrong? Any help would be appreciated!
Thanks,

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2