23.7 Legacy Series / vlan host to internet and vlan only
« on: February 07, 2024, 06:44:36 am »
First-time opnsenser, long-time lurker.
Just finished justifying the purchase of a 4-port N100. To get started, I have everything able to access everything, with DHCP on all interfaces in the gateway setup below.
Interfaces : Gateway
1) WIFI : 192.168.50.1 (I plug my wifi AP here)
2) LAB : <<physical port - no gateway
- LABVlan60 192.168.60.1 << uses LAB physical port
3) Media : 192.168.40.1
4) WAN : Internet
My rules are open on everything right now. All Interfaces except WAN have these rules:
IPv4-6
Source *
Port *
Dest *
Port *
Gateway *
What I would like to do is allow one host, 192.168.60.10, to be able to access only other machines within its vlan60 and the internet. I couldn't figure that out, so I am trying to just do this rule:
Here is the firewall rule I tried to add in Labvlan60:
Action: Block
Interface : labvlan60
Direction: OUT
TCP/IP : ipv4
Protocol: Any
Source : Single Host: 192.168.60.10/24.
Destination : Media net
Rule order:
1. The rule stated above
2. * any any rule
In my head this rule works like this: block any traffic from host 60.10 OUT of interface Labvlan60 from accessing any Media net network host.
But right now 60.10 can ping 40.10 (Media net host), but it's not supposed to. Not sure what I did wrong.
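An added example, not part of the original post: a simplified Python model of per-interface, first-match rule evaluation using the post's addresses, comparing the Direction OUT rule as posted with a hypothetical inbound variant. The model, the helper names, the sample hosts other than 60.10 and 40.10, and the "no matching out rule means the packet is let out" default are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the post; anything else is treated as reached via WAN.
NETS = {"labvlan60": ip_network("192.168.60.0/24"),
        "media": ip_network("192.168.40.0/24"),
        "wifi": ip_network("192.168.50.0/24")}
ANY = ip_network("0.0.0.0/0")

def iface_for(ip):
    """Interface whose subnet contains ip, else 'wan'."""
    return next((n for n, net in NETS.items() if ip_address(ip) in net), "wan")

def first_match(rules, direction, src, dst):
    """Return the action of the first rule matching direction, source, destination."""
    for action, rdir, rsrc, rdst in rules:
        if rdir == direction and ip_address(src) in rsrc and ip_address(dst) in rdst:
            return action
    return None

def forward(ruleset, src, dst):
    """Check a routed packet 'in' on its ingress interface, then 'out' on egress."""
    ingress, egress = iface_for(src), iface_for(dst)
    if first_match(ruleset.get(ingress, []), "in", src, dst) != "pass":
        return "block"
    # Assumption: with no matching 'out' rule the packet is let out.
    out = first_match(ruleset.get(egress, []), "out", src, dst)
    return "block" if out == "block" else "pass"

PASS_ALL = [("pass", "in", ANY, ANY)]
# "Single Host: 192.168.60.10/24" parsed as written: a /24 covers the whole subnet.
POSTED_SRC = ip_network("192.168.60.10/24", strict=False)
HOST = ip_network("192.168.60.10/32")

# Rule set as posted: block OUT on labvlan60, then the any-any rule.
as_posted = {"labvlan60": [("block", "out", POSTED_SRC, NETS["media"])] + PASS_ALL,
             "media": PASS_ALL, "wifi": PASS_ALL}

# Hypothetical variant: same intent, matched where the host's traffic enters.
inbound = {"labvlan60": [("block", "in", HOST, NETS["media"]),
                         ("block", "in", HOST, NETS["wifi"])] + PASS_ALL,
           "media": PASS_ALL, "wifi": PASS_ALL}

if __name__ == "__main__":
    for name, rs in (("as posted", as_posted), ("inbound variant", inbound)):
        print(name, forward(rs, "192.168.60.10", "192.168.40.10"))
```

In this model the posted rule is never consulted for traffic from 60.10 toward Media net, because that traffic enters labvlan60 and leaves through the Media interface. Traffic between two hosts inside vlan60 is switched and does not pass through the model at all.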