Topic: iot VLAN should not go into the LAN (Read 2684 times)
vikozo
on: October 14, 2020, 08:53:18 am
Hello
I have a WLAN with SSID "iot" on VLAN 42!
On the OPNsense I have the VLAN as a network, connected to the LAN port.
DHCP is giving out IP addresses to the iot SSID from VLAN 42.
Now I have a LAN where the computers/laptops are.
Now the rules for this VLAN should be:
1) no access from vlan42 to LAN
2) access from vlan42 to WAN
3) access from LAN to vlan42 (else I can't configure them)
Thanks for your help and feedback
vinc
apu2c4 / wle200nx / 240 Disk
--> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022
Gauss23
Reply #1 on: October 14, 2020, 11:45:20 am
I really recommend reading the docs to understand how the packet filter in OPNsense works.
Usually you define your rules on the interface where the packet is incoming from.
So in your case:
1) on interface vlan42 a block rule for destination LAN network
2) on interface vlan42 an allow rule for destination any
3) on interface LAN an allow any (or whatever ports you want to open) rule destination vlan42 network
You could even combine 1 and 2 into one rule. You delete rule no. 1 and change rule no. 2: you just need to set the destination to your LAN network and make that entry inverted with the checkbox above. That rule then means: everything that is NOT destined for your LAN network is allowed, in this case the WAN. You can create an alias which holds all your local networks and use that instead of "LAN network" as destination.
„The S in IoT stands for Security!“
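Added example, not part of the original posts: a small Python model of the rule sets described in the reply for the vlan42 interface, assuming first-match evaluation with a default deny. The subnets, the second local network `GUEST` and the alias name `LOCAL_NETS` are constructed for illustration. It shows that the block rule has to sit above the allow rule, that the single inverted rule gives the same result, and what changes when the inverted destination is an alias of all local networks.

```python
import ipaddress

# Constructed addressing; the thread gives no subnets. GUEST is a hypothetical
# second local network, LOCAL_NETS a hypothetical alias name.
LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.50.0/24")
LOCAL_NETS = [LAN, GUEST]

# Constructed destinations for new connections arriving on the vlan42 interface.
PROBES = {"lan": "192.168.1.10", "guest": "192.168.50.7", "wan": "203.0.113.5"}

# A rule is (action, destination networks or "any", invert destination?).
TWO_RULES = [("block", [LAN], False), ("pass", "any", False)]
WRONG_ORDER = [("pass", "any", False), ("block", [LAN], False)]
INVERTED_LAN = [("pass", [LAN], True)]
INVERTED_ALIAS = [("pass", LOCAL_NETS, True)]


def matches(rule, dst):
    """True if the destination address is selected by the rule."""
    _, dest, invert = rule
    if dest == "any":
        return True
    return any(dst in net for net in dest) != invert


def evaluate(rules, dst):
    """Assumes first-match evaluation with a default deny when nothing matches."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, dst):
            return rule[0]
    return "block"


def audit(rules):
    """Return the verdict for each probe destination under a rule set."""
    return {name: evaluate(rules, ip) for name, ip in PROBES.items()}


if __name__ == "__main__":
    for label, rules in [("two rules", TWO_RULES), ("wrong order", WRONG_ORDER),
                         ("inverted LAN", INVERTED_LAN), ("inverted alias", INVERTED_ALIAS)]:
        print(f"{label:15} {audit(rules)}")
```

With only "LAN network" as the inverted destination, the IoT VLAN can still reach any other local network; the alias variant closes that gap.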