Topic: Allow LAN TO LAN traffic (Read 1384 times)
amd.64 (Newbie, Posts: 21, Karma: 0) « on: October 09, 2022, 11:35:35 pm »
I have two separate LANs:
192.168.107.X "Private" Network
192.168.214.X "Guest" Network
On my guest network I have multiple wireless routers being used as wireless access points (nothing connected to the WAN port).
From the "private" network I am able to ping 192.168.214.1, the OPNsense interface on that network. However, I am unable to ping any other device on that network, i.e. any of the routers. If needed I would really like to administer those devices without actually having to connect to them.
I did create a rule on the guest network firewall to allow any traffic from the private network. As well as one to allow traffic from guest to private on the private interface.
What else do I need to do?
Thank You

Demusman (Sr. Member, Posts: 304, Karma: 13) « Reply #1 on: October 09, 2022, 11:46:27 pm »
You have that backwards.
If you want to access the guest from the private, you put the rule on the private interface.

amd.64 (Newbie, Posts: 21, Karma: 0) « Reply #2 on: October 10, 2022, 12:16:40 am »
I actually have a rule in both interfaces allowing traffic between the two, but still can only ping the guest interface from the private interface.
Please see attached image.
Snoopy is the Private Network (I am a Peanuts fanatic)
« Last Edit: October 10, 2022, 12:18:15 am by amd.64 »

Demusman (Sr. Member, Posts: 304, Karma: 13) « Reply #3 on: October 10, 2022, 01:36:43 am »
Again, you have them backwards.
"I did create a rule on the guest network firewall to allow any traffic from the private network."
This makes no sense, you can't put a rule on the guest to allow the private.
You have to put a rule on the private to allow it to access the guest.
Think of it like this, you have a front door on your house, you either allow people in or you block them there.
If they are allowed in, they can leave through any other door.
The front door is any interface on the router. Once traffic is allowed into the interface, it can go anywhere you let it.
"In" is traffic into the interface from the connected network.
"out" is traffic from the interface TO the connected network.
Both interfaces are the same interface, a rule on LAN does not have any control over the guest interface.
So guest IN, is from the guest network into the firewall.
Guest out is from the firewall to the GUEST network.
So on the private, you need a rule with private net (or specific device(s)) as source, and guest net as destination.
Get it?
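
The rule placement discussed in this thread, as an added example that is not part of any post and is not OPNsense code: a simplified Python model of per-interface filtering. It assumes rules are checked only on the interface where a packet enters, first match wins, unmatched traffic is blocked, and replies to an allowed flow pass by state; the host addresses used with it are constructed.

```python
import ipaddress

# Constructed model of the thread's setup: interface names and networks
PRIVATE_NET = ipaddress.ip_network("192.168.107.0/24")
GUEST_NET = ipaddress.ip_network("192.168.214.0/24")
IFACE_NETS = {"private": PRIVATE_NET, "guest": GUEST_NET}


class Firewall:
    """Inbound, first-match, stateful filtering per interface (simplified)."""

    def __init__(self, rules):
        # rules: {interface: [(action, src_net, dst_net), ...]}
        self.rules = rules
        self.states = set()  # (src, dst) pairs of flows already allowed

    def ingress_iface(self, src):
        # A packet enters on the interface whose network contains its source.
        for name, net in IFACE_NETS.items():
            if src in net:
                return name
        return None

    def handle(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Replies to an allowed flow match its state; no rule lookup needed.
        if (dst, src) in self.states:
            return "pass (state)"
        iface = self.ingress_iface(src)
        for action, src_net, dst_net in self.rules.get(iface, []):
            if src in src_net and dst in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return f"{action} (rule on {iface})"
        return "block (default deny)"


def misplaced():
    # Rule from the first post: on the guest tab, source = private net.
    # Packets from 192.168.107.x never enter on guest, so it never matches.
    return Firewall({"guest": [("pass", PRIVATE_NET, GUEST_NET)]})


def corrected():
    # Rule from reply #3: on the private tab, private net -> guest net.
    return Firewall({"private": [("pass", PRIVATE_NET, GUEST_NET)]})
```

With the corrected rule, the guest device's reply passes by state while a new connection from guest to private is still blocked, so no matching rule on the guest interface is needed for the return traffic.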