opnsense as FW LAN/DMZ
Topic: opnsense as FW LAN/DMZ (Read 773 times)
mauro
Newbie
Posts: 22
Karma: 0
opnsense as FW LAN/DMZ
« on: March 17, 2023, 02:57:22 pm »
Dear all,
I've been working on OPN for a few weeks now, trying to get the best configuration between my old architecture and the new possibilities using OPN.
At the moment I want to move on to using OPNsense as the firewall between LAN and DMZ, and as the default gateway.
I use an APU2c4 with 3 NICs:
igb0: WAN
igb1: LAN
igb1: DMZ
LAN and intranet are online, no problem.
I have problems getting the DMZ online. What I can see from the FW live view log is that all attempts from DMZ IPs are blocked.
In the DMZ FW rules I added one rule (src: DMZ, dst: WAN net), but still no way to get online.
The message from the FW log says "Default deny / state violation rule" and I can't figure out the default rule.
Can someone point me in some direction of investigation?
Thanks
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: opnsense as FW LAN/DMZ
« Reply #1 on: March 17, 2023, 03:18:00 pm »
"dst: wan net" is not what you think it is. This is not "the Internet" but only the directly connected network on your WAN interface. The Internet is "any".
mauro
Newbie
Posts: 22
Karma: 0
Re: opnsense as FW LAN/DMZ
« Reply #2 on: March 18, 2023, 02:31:44 am »
Hi pmhausen,
thanks for your reply and help. Unfortunately the DMZ still does not go online, plus I discovered one more weird thing.
1) I changed the FW rule in the DMZ to allow src: DMZ net, dst port: 53, dst: DMZ address
2) added src: DMZ net, dst port: any, dst: any
At least #2 I thought should give full access from the DMZ to the Internet, but it didn't.
The weird thing is that I try to connect using OpenVPN to one machine in the DMZ (dst port: 1194) and these packets are not shown in the firewall log during the connection attempt. For the record, it doesn't connect, and possibly the packets are denied without being logged?!
Are there any further hints for me to follow?
Cheers
mauro
Newbie
Posts: 22
Karma: 0
Re: opnsense as FW LAN/DMZ [SOLVED]
« Reply #3 on: March 28, 2023, 11:17:31 am »
In the end I followed the online OPNsense documentation about the guest network
https://docs.opnsense.org/manual/how-tos/guestnet.html
showing the FW configuration for the 2nd network.
Next is to tweak the guest network into a DMZ, allowing traffic in on specific ports.
thx
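To make the two points in this thread concrete (Patrick's "WAN net is only the directly connected network, the Internet is any", and the guest-network style rule set the thread ends on), here is a small model of how OPNsense evaluates the rules on an interface: top-down, first match wins (rules are "quick" by default), and anything that matches nothing is dropped with the "Default deny / state violation rule" label. This is an added example, not code from the thread, the forum posters, or the OPNsense project. The interface addresses, the DMZ policy and the sample packets are constructed for the illustration; the DMZ policy is in the spirit of the linked guest-network how-to but is not copied from it.

```python
"""Toy model of OPNsense per-interface firewall rules: first match wins, default deny."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed interface table for the three-NIC box in the thread.
# The addresses are an assumption for the example; the thread never gives them.
INTERFACES = {
    "wan": ipaddress.ip_interface("203.0.113.10/24"),   # igb0
    "lan": ipaddress.ip_interface("192.168.1.1/24"),    # igb1
    "dmz": ipaddress.ip_interface("192.168.2.1/24"),    # third NIC
}

DEFAULT_DENY = "Default deny / state violation rule"   # label shown in the live log


def resolve(selector: str) -> list:
    """Expand a GUI selector into networks.

    "any"          -> everything (this is "the Internet")
    "<if> net"     -> only the subnet directly connected to that interface
    "<if> address" -> the firewall's own IP on that interface (a /32)
    """
    if selector == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    name, kind = selector.split()
    iface = INTERFACES[name]
    if kind == "net":
        return [iface.network]
    if kind == "address":
        return [ipaddress.ip_network(str(iface.ip))]
    raise ValueError(f"unknown selector: {selector}")


@dataclass
class Rule:
    action: str                   # "pass" or "block"
    iface: str                    # interface the packet arrives on
    src: str                      # selector, e.g. "dmz net"
    dst: str                      # selector, e.g. "wan net" or "any"
    dport: Optional[int] = None   # None means any port
    proto: str = "any"            # "any", "tcp" or "udp"
    label: str = ""


def _in(addr: str, selector: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in resolve(selector))


def matches(rule: Rule, pkt: dict) -> bool:
    return (rule.iface == pkt["iface"]
            and _in(pkt["src"], rule.src)
            and _in(pkt["dst"], rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))


def evaluate(rules: list, pkt: dict) -> tuple:
    """First matching rule on the ingress interface wins; no match means drop."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.label
    return "block", DEFAULT_DENY


def pkt(src: str, dst: str, dport: int = 443, proto: str = "tcp", iface: str = "dmz") -> dict:
    """Constructed packet arriving on the DMZ interface unless told otherwise."""
    return {"iface": iface, "src": src, "dst": dst, "dport": dport, "proto": proto}


# Rule set 1: the thread's first attempt, "src DMZ net, dst WAN net".
ATTEMPT_1 = [Rule("pass", "dmz", "dmz net", "wan net", label="DMZ to WAN net")]

# Rule set 2: a guest-network style DMZ policy (illustrative, not the how-to's text):
# DNS to the firewall, nothing else to the firewall or the LAN, everything else out.
# Order matters: "any" also covers the LAN, so the blocks must come first.
DMZ_POLICY = [
    Rule("pass", "dmz", "dmz net", "dmz address", 53, "udp", "DNS to firewall"),
    Rule("pass", "dmz", "dmz net", "dmz address", 53, "tcp", "DNS to firewall"),
    Rule("block", "dmz", "dmz net", "dmz address", label="no other firewall services"),
    Rule("block", "dmz", "dmz net", "lan net", label="DMZ may not reach LAN"),
    Rule("pass", "dmz", "dmz net", "any", label="DMZ to Internet"),
]

if __name__ == "__main__":
    samples = [
        pkt("192.168.2.20", "8.8.8.8"),                  # Internet host
        pkt("192.168.2.20", "203.0.113.1"),              # upstream router, inside WAN net
        pkt("192.168.2.20", "192.168.1.50", 22),         # LAN host
        pkt("192.168.2.20", "192.168.2.1", 53, "udp"),   # firewall's DNS on the DMZ side
        pkt("10.0.0.5", "8.8.8.8"),                      # source not in DMZ net
    ]
    for name, ruleset in (("attempt 1", ATTEMPT_1), ("dmz policy", DMZ_POLICY)):
        for p in samples:
            print(f"{name:10} {p['src']:>13} -> {p['dst']:>13}:{p['dport']:<4} {evaluate(ruleset, p)}")
```

Under ATTEMPT_1 the packet to 8.8.8.8 falls through to the default deny, exactly the log line quoted in the first post, while a packet to the upstream router on the WAN subnet passes; that is the whole difference between "WAN net" and "any". The model deliberately ignores state tracking: pf also drops packets that belong to no existing state (the "state violation" half of the label), and traffic entering from the Internet towards a host in the DMZ is evaluated on the WAN interface's rules, not the DMZ's.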