Topic: IPv4 Firewall: Outbound Rules usecase? (Read 2247 times)
jimpd
Newbie
Posts: 15
Karma: 0
IPv4 Firewall: Outbound Rules usecase?
« on: April 04, 2020, 10:01:47 pm »
Hi all
Can someone please explain when outbound rules on for example the LAN interface are required? If I want to expose a port to the internet I create a new NAT -> Port Forward rule but I don't need any other special outbound rule on the LAN interface.
So what is its use case with IPv4?
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: IPv4 Firewall: Outbound Rules usecase?
« Reply #1 on: April 04, 2020, 10:09:18 pm »
If you want to control the outbound NAT behavior.
Some network designs need special outbound processing and in such cases the default generated rules do not fit the needs.
For example, if you have multiple LAN interfaces and multiple virtual IPs and you want to control that each LAN interface is using a different WAN IP. Just one use case where they are handy.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
jimpd
Newbie
Posts: 15
Karma: 0
Re: IPv4 Firewall: Outbound Rules usecase?
« Reply #2 on: April 04, 2020, 10:14:47 pm »
Thank you for your reply.
If I have multiple virtual IPs on a single LAN interface, I can simply specify the IP on which the port should listen as the destination address in the NAT rule.
Probably you are right and I can **also** do it with outbound rules on the LAN interface, but in my opinion punching a hole into the firewall and **afterwards** closing it again with an outbound rule is not the best way to do it.
Can you think of any other use cases?
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: IPv4 Firewall: Outbound Rules usecase?
« Reply #3 on: April 04, 2020, 10:30:19 pm »
Sorry that was not so clear, I meant:
If you have multiple virtual IPs on WAN and multiple LAN interfaces.
For example you have: GUESTLAN, WIFILAN and LAN. Each has its own interface or VLAN and its own subnet.
Now you have 3 WAN addresses and you want each local network to appear with its own public IP. Then outbound NAT rules can handle it.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
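The mapping described in Reply #3, written as rules for pf, the FreeBSD packet filter OPNsense is built on. This is an added example, not part of the original posts; the interface name, subnets and 203.0.113.x addresses are constructed placeholders.

```pf
# Constructed example: interface name, subnets and public addresses are
# placeholders (203.0.113.0/24 is a documentation range), not values
# taken from the thread.
wan_if    = "igb0"
lan_net   = "192.168.1.0/24"    # LAN
wifi_net  = "192.168.20.0/24"   # WIFILAN
guest_net = "192.168.30.0/24"   # GUESTLAN

# Virtual IPs configured on WAN, one per internal network
lan_pub   = "203.0.113.10"
wifi_pub  = "203.0.113.11"
guest_pub = "203.0.113.12"

# Outbound (source) NAT: the source address is rewritten as traffic
# leaves the WAN interface. The first matching nat rule wins.
nat on $wan_if inet from $lan_net   to any -> $lan_pub
nat on $wan_if inet from $wifi_net  to any -> $wifi_pub
nat on $wan_if inet from $guest_net to any -> $guest_pub

# For comparison, the single-address behavior: every internal network
# hides behind the primary WAN address.
# nat on $wan_if inet from { $lan_net, $wifi_net, $guest_net } to any -> ($wan_if)
```

On a running pf system, `pfctl -s nat` lists the loaded translation rules. With one public address per segment, guest traffic can be told apart from LAN traffic in upstream logs and in any reputation or abuse handling tied to the source IP.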