Internet Out Vlans

[dmz00]

All,

The issue I'm trying to solve is that I'd like these vlans below able to get internet but not communicate with each other. I know by design that its deny all however the only way for me to get it working is deny all on each rule set then allow all but this probably isn't the best idea so I'd like to do it the correct way.

Automatic outbound NAT rule generation is enabled.

Management   - VLAN 98 
Home Lab         - VLAN 100
Windows        - VLAN 102
Linux        - VLAN 103

https://forum.opnsense.org/index.php?topic=9183.0 - Tried with no luck.

[mitsos]

Create an alias:

Code Select Expand

Local subnets
192.168.0.0/16

Substitute for your subnets.

Create one allow rule on each (vlan) interface:

Code Select Expand


protocol IPv4
source blah blah
destination (important!) tick the box (so destination = NOT)
select the Local subnets alias you created above


Create one allow rule for TCP/UDP 53 (DNS) with destination the interface IP (just select it from the dropdown), on each interface

Create one allow rule for UDP 123 (NTP) with destination the interface IP, on each interface.

Solved, You are welcome  ;D

Advanced version: Create an alias with the used ports (if you want to limit outgoing traffic based on specific ports). When creating the allow rule (the local subnets one) on the interfaces, select the port alias as well.

You are double welcome  ;D

[dmz00]

I Created an alias of

1.) X.X.X.X/24
2.) Went into the interface rule I needed.
3.) Created Source to ANY and Destination to the Alias for dns/http/https and I still can't get out.

What Did I do wrong?