22.7 Legacy Series / fire wall rules wrong?
« on: September 14, 2022, 01:20:26 pm »
OK, this is a double question; technically it's about firewall rules, but it has VLANs, so if this is in the wrong area I will wait to get yelled at by the mods.
(A picture of the network setup is here: https://ibb.co/c3nNx2P)
My network has about 11 VLANs.
Only about 6 are being used; the rest are placeholders that currently have NO IP/DHCP and are turned off, but even without them this issue happens.
All networks are DHCP on their own.
The setup is as follows: (bxe4) = WAN (fiber)
bxe5 = LAN (main LAN, the only "out" of the firewall, fiber cord)
VLAN 2,3,4,5 (all are wifi) from a Unifi access point
VLAN 6,7,8,9 are all placeholders for the time being
VLAN 10 server
VLAN 11 SFP switch (test area), not being used but set up
A little art of the network is uploaded here. I KNOW some of the IPs may upset people; I do not care, it does not matter what they are.
LAN firewall rule 1: any > any (this will get internet on the LAN and touch all VLANs)
OR rule 1: LAN > any (this will also get internet and VLANs on all VLANs, so no separation)
M's network (my mother's setup):
any > any = all networks + internet
mom's net > any = all networks + internet
any other setting = broken everything
HOWEVER, if I set up (server > momsnet or momsnet > server) (I forget at this point) it will allow the server to be touched on its VLAN, but no other VLANs or internet can be used.
This to me does not make much sense, since the internet won't work the same, but whatever. What the heck am I doing wrong?
I'm following directions I found here >
Cheat sheets:
https://homenetworkguy.com/how-to/configure-opnsense-firewall-rules/
https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules
The idea of this is as follows:
VLAN 2 (isolated guest network, internet only, with added rules such as no TikTok or porn)
VLAN 3 (isolated, internet only, allows incoming/outgoing, as she needs to have it for a GOV job; they check her PC randomly / spy on it)
VLAN 4 main home wifi / LANs; should have internet, be isolated, but be allowed to touch the server on IP x.x.x.x, ports 8096/8042 (Jellyfin addresses)
VLAN 5 no internet AT ALL, but allowed to be touched from the main server for recording of security cams
VLAN 10 should be able to be touched from most VLANs, but only on 1 IP / 2 ports for Jellyfin HTTP/HTTPS (internal + external)
This is the overall goal.
I have NO floating rules at all, no aliases, nothing. I'm new to pf/OPNsense; I like OPN better but am willing to change if need be. I'm sorta lost, as the rules LOOK correct but don't work as intended, so now I'm stuck not knowing why.
Everything else (aside from VLANs) is "stock" on this firewall. Currently I have tried 8-11 installs (mostly because the update to 22.7.4 breaks it totally currently).
Please give me some help; point to a video (if possible include pictures of a proper setup, as that works better than words for me so I can compare).
I should also note: if at ANY time the LAN rule is taken from any > any OR LAN > any, all internet and VLANs stop working everywhere no matter any other rules.
(There is only 1 gateway, I think), the standard one. No other special rules, only DHCP over VLAN.
I have Discord if you prefer that to here.
I do not check email much but will check the reply daily for 2 weeks or so, and hope somebody will help.
Pictures found here of the LAN setup:
mom setup
overall rules
https://ibb.co/PY6pZzQ
https://ibb.co/PY6pZzQ assignments
https://ibb.co/kQMMs0J LAN DHCP setup
https://ibb.co/x2TqJy8 LAN DHCP setup pt2
https://ibb.co/s20kVgh LAN interface setup p1
https://ibb.co/ZhdwkTQ mom firewall rule 1
https://ibb.co/R0FB5fs LAN firewall rule 1
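An added example (mine, not from the post and not OPNsense code): a small Python model of OPNsense-style per-interface, first-match rule evaluation with the VLAN goal above encoded as rules. It shows why rule order matters, in particular that a client's DNS to the firewall itself has to be passed before a "block private networks" rule, or an "internet only" VLAN loses name resolution even though internet traffic is allowed. All addresses, the Jellyfin host and the interface names are constructed.

```python
import ipaddress

# Constructed example, not OPNsense code: RFC1918 ranges used as a "private" alias.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def matches(rule, pkt):
    """A rule matches when every field it specifies matches the packet.
    Address fields are CIDR networks; 'private' means any RFC1918 range."""
    for key in ("proto", "dport"):
        if rule.get(key) not in (None, "any", pkt[key]):
            return False
    for key in ("src", "dst"):
        want = rule.get(key, "any")
        addr = ipaddress.ip_address(pkt[key])
        if want == "private":
            if not any(addr in net for net in PRIVATE):
                return False
        elif want != "any" and addr not in ipaddress.ip_network(want):
            return False
    return True

def decide(rules, pkt):
    """First matching rule on the packet's ingress interface wins;
    with no match the implicit default (as in OPNsense) is block."""
    for rule in rules:
        if rule["iface"] == pkt["iface"] and matches(rule, pkt):
            return rule["action"]
    return "block"

def pkt(iface, src, dst, proto="tcp", dport=443):
    return {"iface": iface, "src": src, "dst": dst, "proto": proto, "dport": dport}

SERVER = "10.0.10.5/32"  # constructed Jellyfin host on VLAN 10
# Constructed policy for the goal described above. Order matters: traffic the
# clients need from the firewall itself (DNS here) is passed BEFORE the block on
# private ranges, otherwise "internet only" clients lose name resolution.
RULES = [
    {"iface": "vlan2", "action": "pass", "proto": "udp", "dst": "10.0.2.1/32", "dport": 53},
    {"iface": "vlan2", "action": "block", "dst": "private"},   # guest: nothing internal
    {"iface": "vlan2", "action": "pass"},                      # guest: internet only
    {"iface": "vlan4", "action": "pass", "proto": "udp", "dst": "10.0.4.1/32", "dport": 53},
    {"iface": "vlan4", "action": "pass", "proto": "tcp", "dst": SERVER, "dport": 8096},
    {"iface": "vlan4", "action": "pass", "proto": "tcp", "dst": SERVER, "dport": 8042},
    {"iface": "vlan4", "action": "block", "dst": "private"},   # home wifi: only Jellyfin inside
    {"iface": "vlan4", "action": "pass"},
    # VLAN 5 (cameras) gets no rules at all, so nothing it initiates is passed; the server
    # reaches the cameras via its own interface rule and pf's state table carries the replies.
    {"iface": "vlan10", "action": "pass", "src": "10.0.10.0/24", "dst": "10.0.5.0/24"},
]
```

Evaluating the same rules with the DNS pass removed (RULES[1:3]) shows the guest VLAN's DNS to the gateway being blocked, which looks like "the internet stopped working" even though the pass-any rule is still there.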