Wifi to dmz

[gmiserk]

Hi all

I have this opnsens

192.168.1.1 opnsens  (all in mask /24)
   ---------------------------------------------
    - wan 192.168.0.1
    - lan 192.168.1.1
    - dmz 192.168.2.1
    - wifi 192.168.4.1  + (dhcp range ( .4.5 to .4.20)

    ---------------------------------------------



I try to reach serveur in dmz from wifi client.
   like this : ping 192.168.2.10 (web serveur)  from 192.168.4.10 but no way.


   and i get allways a : Block deny rule when i try to access 192.168.2.10 from a webrowser in wifi client 192.168.4.10
 i have got a deny  : src 192.168.2.10:80 dst 192.168.4.10:55120 default deny rule


All is working, wifi client can access internet, except that i cant access my Web service  in dmz from wifi client.

I have added a rule like this
Pass 192.168.3.0 http  192.168.1.4 (Web serveur) any

wifi users can access to internet and lan users but not dmz serveur
lan users and internet users can acces to my webserver in dmz.

Something is wrong....
Any help is welcome

Opnsense 21.7

[cookiemonster]

Nothing is wrong. OPN has no built in DMZ with the appropriate firewall rules to make it so.
I presume you created it. From OPN's point of view is just a string, a name. It is still another network. When you create a network segment on an interface, you need to create the rules you need.
I'm guessing the setting "Block private networks" is enabled in Interfaces > "DMZ".
Assuming you know what you're doing removing that

[lfirewall1243]

You'll need ALLOW Rules on the Interfaces to Allow Traffic in the other subnet.

Normally on LAN there is already an Allow All Rule.
When you create a new Interface, everything will be blocked by default.
But don't create allow all Rules on each Interface, because that wouldn't make sense...

Gesendet von meinem M2012K11AG mit Tapatalk