wrong setup do not segmentation on vlans

Started by poisonFW, October 22, 2021, 05:51:24 PM

Hi, I have a wrong setup because I do not have segmentation on the VLANs; I tried to add rules to block all traffic from other VLANs and leave only the possibility to exit on the WAN, but these rules are never applied, and this default rule "let out anything from firewall host itself" is activated instead.
Here is a simple drawing of the network:
https://ibb.co/3hngxpY
Here is the log of the activated rule:
vlan_SERVICE Oct 22 17:22:38 10.10.0.253 10.40.0.253 icmp let out anything from firewall host itself
I executed the ping command on a host on another VLAN and I expected it to fail.
What settings should I look at to restore VLAN traffic isolation?

This discussion should give you the idea: https://forum.opnsense.org/index.php?topic=25228.0

Otherwise, post your rules here for troubleshooting.

I resolved it with the rules you cited; now I use these rules:
VLAN1

  • allow all traffic incoming from vlan control [vlan10]
  • block all traffic from other VLANs [ ! vlan1]
  • allow all traffic incoming [to wan and beyond]
It works how I think it should be; thanks.
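As an added illustration (not code from this thread or from OPNsense), the following simulates the first-match evaluation OPNsense applies to interface rules, using the rule order above on the VLAN1 interface, and shows that the same three rules lose isolation when the allow-any rule is listed first. The prefixes for vlan1 and vlan40 follow the two addresses in the log line; the vlan10 prefix, and reading "from other VLANs" as a destination match for traffic entering on VLAN1, are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: only 10.10.0.253 and 10.40.0.253 appear in the thread,
# the rest is assumed for the example.
VLAN_NETS = {
    "vlan1":  ip_network("10.10.0.0/24"),  # the VLAN whose interface holds the rules
    "vlan10": ip_network("10.20.0.0/24"),  # "vlan control", explicitly allowed
    "vlan40": ip_network("10.40.0.0/24"),  # another local VLAN that must stay isolated
}


def other_vlans(dst):
    """True when dst is inside any local VLAN other than vlan1 (the "! vlan1" block)."""
    return any(dst in net for name, net in VLAN_NETS.items() if name != "vlan1")


# Each rule is (action, match) for packets entering the firewall on the vlan1
# interface; OPNsense evaluates interface rules top to bottom, first match wins.
RULES_OK = [
    ("pass",  lambda dst: dst in VLAN_NETS["vlan10"]),  # 1. allow to vlan control
    ("block", other_vlans),                             # 2. block the other VLANs
    ("pass",  lambda dst: True),                        # 3. allow WAN and beyond
]

# Same rules, but the allow-any rule is placed first: it matches everything,
# so the block rule is never reached.
RULES_WRONG = [RULES_OK[2], RULES_OK[0], RULES_OK[1]]


def decide(rules, dst):
    """Return the action of the first rule matching destination dst."""
    dst = ip_address(dst)
    for action, match in rules:
        if match(dst):
            return action
    return "block"  # nothing matched: default deny


if __name__ == "__main__":
    for target in ("10.20.0.5", "10.40.0.253", "203.0.113.10"):
        print(f"{target:>14}  ordered: {decide(RULES_OK, target):5}  "
              f"allow-any first: {decide(RULES_WRONG, target)}")
```

The 10.40.0.253 line is the case from the original post: with the block rule before the allow-any rule it is dropped on the VLAN1 interface, so the traffic never reaches the outbound "let out anything from firewall host itself" rule.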