OPNsense Forum » English Forums » General Discussion » Firewall Rule Processing Order + NAT + tags
Topic: Firewall Rule Processing Order + NAT + tags (Read 3507 times)
ruffy91 (Jr. Member, Posts: 79, Karma: 9)
Firewall Rule Processing Order + NAT + tags
« on: February 27, 2019, 02:32:19 pm »
Hi,
I'm trying to use tags in rules but I think I am missing some knowledge.
What I try to achieve:
All packets exiting through the wan interface should be allowed when they are coming from a specific network.
How I try to achieve this:
I tag packets on the manual outbound masquerading NAT rule.
I then match this tag on a floating rule on the WAN interface for outbound packets.
Example:
Outbound NAT on WAN for source 192.168.1.0/24, target any, translate source to WAN IP, add tag "internet"
Floating Rule pass on WAN for source any, target any, direction out, match tag "internet"
Processing order AFAIK is:
1. Outbound NAT rules: tag "internet"
2. Inbound NAT rules such as port forwards
3. Internal automatic rules (pass and block for various items)
4. Rules defined on the floating tab: match "internet" and pass
5. Rules defined on interface group tabs (including IPsec and OpenVPN)
6. Rules defined on interface tabs (WAN, LAN, OPTx, etc.)
7. Automatic VPN rules
But the packets coming from 192.168.1.0/24 going to WAN are still dropped by the default drop rule on interface LAN. The floating rule is "quick".
Does anyone have an idea what I am doing wrong?
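The post above describes a packet path (tag on outbound NAT, match the tag on a floating WAN "out" rule) and asks why the packet is still dropped on LAN. The following is an added example, not code from the thread or from the OPNsense project: a small Python model of how pf, the packet filter OPNsense is built on, evaluates a LAN-to-WAN packet interface by interface. The stage order and the "tag"/"tagged" handling are modelled on pf's documented behaviour (a packet is filtered "in" on the interface it arrives on, and only if it passes does it reach the outbound NAT and "out" filtering on the interface it leaves by); the rule set, packet addresses and function names are constructed for illustration.

```python
"""
Model of pf-style per-interface evaluation for a LAN -> WAN packet.
Added example, not OPNsense code; stage order and tag semantics are an
assumption based on pf's documented behaviour, rules are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress


@dataclass
class Packet:
    src: str
    dst: str
    tags: set = field(default_factory=set)  # tags attached by NAT/filter rules


@dataclass
class Rule:
    iface: str                    # interface the rule is bound to ("LAN", "WAN")
    direction: str                # "in" or "out"
    action: str                   # "pass" or "block"
    src: str = "any"              # source network in CIDR form, or "any"
    tagged: Optional[str] = None  # only match packets already carrying this tag
    name: str = ""


@dataclass
class NatRule:
    iface: str                    # outbound NAT is evaluated on the leaving interface
    src: str
    tag: Optional[str] = None     # tag to attach when the NAT rule matches


def _src_matches(rule_src: str, pkt_src: str) -> bool:
    if rule_src == "any":
        return True
    return ipaddress.ip_address(pkt_src) in ipaddress.ip_network(rule_src)


def _filter(rules, pkt, iface, direction):
    """First matching rule wins (all rules treated as 'quick');
    with no match the verdict is the default deny."""
    for r in rules:
        if r.iface != iface or r.direction != direction:
            continue
        if not _src_matches(r.src, pkt.src):
            continue
        if r.tagged is not None and r.tagged not in pkt.tags:
            continue
        return r.action, r.name
    return "block", f"default deny ({iface} {direction})"


def route_lan_to_wan(pkt, nat_rules, filter_rules):
    """Return a stage-by-stage trace for a packet entering on LAN and leaving via WAN."""
    trace = []
    # Stage 1: inbound filtering on the interface the packet arrives on.
    verdict, name = _filter(filter_rules, pkt, "LAN", "in")
    trace.append(("LAN in", verdict, name))
    if verdict == "block":
        return trace  # the WAN side is never reached
    # Stage 2: outbound NAT on WAN; a matching rule may attach a tag.
    for n in nat_rules:
        if n.iface == "WAN" and _src_matches(n.src, pkt.src):
            if n.tag:
                pkt.tags.add(n.tag)
            trace.append(("WAN nat", "translate", f"tag={n.tag}"))
            break
    # Stage 3: outbound filtering on WAN, where "tagged" rules can match.
    verdict, name = _filter(filter_rules, pkt, "WAN", "out")
    trace.append(("WAN out", verdict, name))
    return trace


# Constructed rule set mirroring the post: tag on outbound NAT,
# floating WAN "out" rule that passes packets tagged "internet".
NAT_RULES = [NatRule(iface="WAN", src="192.168.1.0/24", tag="internet")]
FLOATING_OUT = Rule(iface="WAN", direction="out", action="pass",
                    tagged="internet", name="floating pass tagged internet")


def scenario_as_posted():
    """Only the floating WAN-out rule exists: the packet is blocked at 'LAN in'."""
    pkt = Packet(src="192.168.1.10", dst="203.0.113.5")  # constructed sample packet
    return route_lan_to_wan(pkt, NAT_RULES, [FLOATING_OUT])


def scenario_with_lan_pass():
    """With a LAN 'in' pass rule the packet reaches WAN, where the tag matches."""
    lan_pass = Rule(iface="LAN", direction="in", action="pass",
                    src="192.168.1.0/24", name="LAN pass 192.168.1.0/24")
    pkt = Packet(src="192.168.1.10", dst="203.0.113.5")
    return route_lan_to_wan(pkt, NAT_RULES, [lan_pass, FLOATING_OUT])


if __name__ == "__main__":
    for label, fn in (("as posted", scenario_as_posted),
                      ("with LAN pass", scenario_with_lan_pass)):
        print(label)
        for stage, verdict, name in fn():
            print(f"  {stage:8} -> {verdict:9} ({name})")
```

Running the block prints the two traces side by side: in the "as posted" case the trace stops at "LAN in" with the default deny, because the outbound NAT rule that would attach the tag is only consulted once the packet is on its way out of WAN. The second trace shows the same packet passing LAN inbound, picking up the tag at the WAN NAT stage and then matching the tagged floating rule.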
newsense (Hero Member, Posts: 1037, Karma: 77)
Re: Firewall Rule Processing Order + NAT + tags
« Reply #1 on: February 28, 2019, 07:22:11 am »
It surely looks like you would need a VPN Site2Site there, and as far as rules are concerned, clearly you don't have the default, so it might be best to post a screenshot?