Topic: Trying to tighten up some rules (Read 1829 times)
loganx1121
« on: November 08, 2019, 03:36:08 am »
So I have several subnets inside my LAN and right now, to get out to the internet, there are rules for each of the subnets on the LAN interface of the firewall that basically say: allow IPv4 out to anything.
I decided I wanted to try to tighten these up a bit, so I was trying to change the destination to my WAN interface (which I've named INET) and every time I try to do that, nothing on the subnet can get outside the LAN network. I've tried making the rule go in and out on the WAN interface, I've tried in and out on the LAN interface...I've tried a bunch of things, but it seems like regardless of what I do, nothing on my server subnet can get out to the internet. Here's some screenshots of what I tried last that isn't working.
I'm testing this by trying to ping continuously to 8.8.8.8 from one of the servers, and I can see it hitting the default deny rule, I'm just not sure why.
Thanks in advance for any advice
bartjsmit
« Reply #1 on: November 08, 2019, 05:59:09 pm »
I would have thought that 8.8.8.8 is not your WAN interface address. If it is, say hi to the rest of the guys at Alphabet.
The range of destination IPs on the internet is best captured with 'any'. If you want to exercise more control you should look at running a squid proxy on OPNsense.
Bart...
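
Added example, not part of the thread: a small model of first-match rule evaluation showing why the ping to 8.8.8.8 falls through to the default deny once the destination is narrowed to the WAN interface. The addresses, the subnet and the rule descriptions are constructed; the "INET address" and "INET net" destination choices are assumed to be what was selected in the rule editor.

```python
import ipaddress

# Constructed values for illustration only (assumptions, not from the thread).
WAN_ADDRESS = ipaddress.ip_address("203.0.113.10")    # firewall's own INET IP
WAN_NET = ipaddress.ip_network("203.0.113.0/24")      # subnet the INET port sits in
SERVER_NET = ipaddress.ip_network("192.168.20.0/24")  # one internal server subnet


def dest_matches(dest_spec, dst):
    """True if the packet's destination IP satisfies the rule's destination field."""
    if dest_spec == "any":
        return True
    if dest_spec == "INET address":
        # Only the firewall's own address on that interface, not hosts beyond it.
        return dst == WAN_ADDRESS
    if dest_spec == "INET net":
        # Only the directly attached WAN subnet.
        return dst in WAN_NET
    return dst in ipaddress.ip_network(dest_spec)


def evaluate(rules, src, dst):
    """Model of quick rules: first match wins, no match means default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule["source"] and dest_matches(rule["destination"], dst):
            return rule["action"], rule["descr"]
    return "block", "Default deny rule"


def rule_for(destination):
    """Pass rule on the LAN interface for the server subnet (hypothetical descr)."""
    return [{"action": "pass", "source": SERVER_NET,
             "destination": destination, "descr": f"servers to {destination}"}]


if __name__ == "__main__":
    server = "192.168.20.5"
    for destination in ("any", "INET address", "INET net"):
        for target in ("8.8.8.8", str(WAN_ADDRESS)):
            action, descr = evaluate(rule_for(destination), server, target)
            print(f"dest={destination:13} {server} -> {target:13} {action:5} ({descr})")
```

The destination field is compared against the destination IP in the packet, which for internet traffic is the remote host, so only 'any' (or a network that actually contains 8.8.8.8) lets the ping through.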