How to isolate PC on the network from untrusted computers?

Started by newman87, January 31, 2022, 01:40:49 PM

Hi, I want to block traffic/isolate my PC1 from untrusted PCs (PC2 and PC3) on the network. See image attached of the topology of the network.
So, I have 2 routers, one commercial router (Router 1), and one OPNSense router. The OPNSense router is behind Router 1.
PC1 is connected to the OPNSense router. The UNTRUSTED computers PC2 and PC3 are connected to Router 1. My question is, how to block traffic from PC1 to untrusted PC2 and PC3 and vice versa? (PC1 should have only traffic from internet.)
What firewall rules should I use for this, or other technologies (like Captive Portal, Web proxy etc.)?
Thanks in advance

If OPNSense is not set up as NAT for the connection to the router1, then you can create a firewall rule to block traffic from the Wifi subnet.

Hello, thanks for the reply. I added a firewall rule with (see image attached):
Interface: WIFI
Direction: In
Protocol: Any
Source: Any
Source port: Any
Destination: WIFI Net
Destination port: Any

Is this correct? How can I test it (on Linux)? Is there something more I can do to protect my PC from routing from untrusted PCs?
Thanks


The picture shows PC1 is on WIFI network. I am not sure what those really mean. Also, is the OPNSense connected to the other router with NAT/WAN port?

Do you have any routing configured?

Quote: The picture shows PC1 is on WIFI network. I am not sure what those really mean. Also, is the OPNSense connected to the other router with NAT/WAN port?

Do you have any routing configured?

The WAN port of the OPNSense router is connected to a LAN port of the Router 1. I have configured nothing at all for this, just inserted the ethernet cable connecting the 2 routers.

Typically the WAN port is NAT'd, which means that the traffic from the other two PCs should not be able to make it to the PC1. Firewall is set by default to block incoming traffic on the WAN interface.

Quote: Firewall is set by default to block incoming traffic on the WAN interface.

This is true, WAN has no firewall rules, so it means all traffic is blocked. However, how do my devices, connected to the OPNSense router, surf the web?
Thanks

Yes, PC1 can surf the Web: since it establishes the connection, traffic can find its way back without an issue.
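
The behaviour discussed in the last replies (default block on WAN, replies to PC1's own connections still getting back) can be modelled with a small state table. This is an added example, not part of the thread and not OPNsense code; all addresses, ports and the optional `lan_block_net` rule are constructed assumptions, and NAT is left out to keep the model short.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on: "LAN" or "WAN"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    lan_block_net: Optional[str] = None      # hypothetical LAN block rule
    states: set = field(default_factory=set)

    def handle(self, p: Packet) -> str:
        # 1. Reverse of a tracked flow: it is a reply, so it passes.
        if (p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass-state"
        if p.iface == "LAN":
            # 2. Optional explicit rule: block LAN -> untrusted subnet.
            if self.lan_block_net and ipaddress.ip_address(p.dst) in \
                    ipaddress.ip_network(self.lan_block_net):
                return "block-rule"
            # 3. New outbound connection: pass and remember the flow.
            self.states.add((p.src, p.sport, p.dst, p.dport))
            return "pass-new"
        # 4. WAN has no pass rules: unsolicited inbound is dropped.
        return "block-default"

# Constructed sample addresses (PC1 behind OPNsense, PC2 on Router 1).
PC1, PC2, WEB = "192.168.2.10", "192.168.1.20", "203.0.113.5"

def demo(lan_block_net: Optional[str] = None) -> list:
    fw = StatefulFirewall(lan_block_net)
    return [
        fw.handle(Packet("LAN", PC1, 40000, WEB, 443)),  # PC1 opens HTTPS
        fw.handle(Packet("WAN", WEB, 443, PC1, 40000)),  # reply to that flow
        fw.handle(Packet("WAN", PC2, 50000, PC1, 22)),   # PC2 -> PC1, unsolicited
        fw.handle(Packet("LAN", PC1, 40001, PC2, 445)),  # PC1 -> PC2
    ]

if __name__ == "__main__":
    print("WAN default deny only:", demo())
    print("plus LAN block rule:  ", demo("192.168.1.0/24"))
```

In this model the WAN default alone stops PC2 from reaching PC1, while PC1 reaching PC2 only stops once a block rule for the untrusted subnet is added on the inside interface.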